One MVC Website with multiple whitelabels. How to use the MembershipProvider?

Question

0.00/5 (No votes)

See more:

Hi,

I'm currently working on a MVC4 Website which uses the standard MembershipProvider to enable login's. The website has multiple view's which use the same MVC engine, this way we have 1 website that acts like 2 different websites, while the only thing that is different is the design and URL. This all works great using a custom MVC View-engine.

Now for my problem, when I create a account on whitelabel #1, I can also login on whitelabel #2 using the same credentials. This is because both websites use the same MVC Engine, so they use the same MembershipProvider / ApplicationID.

This is wrong.

Both websites should have their own MembershipProvider, so you cannot login using the same credentials.

Now I've already goolged a little on this subject and found a solution by not using the singleton MembershipProvider and instanciate it myself. But then I cannot use the smart MVC security solutions like using the [Authorize] tag on controllers.

Does anyone have a solution for this?

Willem

Posted 9-Jan-13 3:37am

willempipi

Add a Solution

2 solutions

Solution 1

If you need to use a different membership provider, then you will probably find that you'll need to setup two independent Web Applications in IIS. You should library any common code between the two applications and just reference that code from each application. This will not only solve your authentication issues, but will also simplify the maintenance and flexibility of each application.

Posted 9-Jan-13 3:53am

fjdiewornncalwe

Comments

willempipi 9-Jan-13 10:39am

Sorry, it will be crazy to change everything, the current architecture is really powerfull in terms of expansion and the solution that you suggested is to throw that all away because you think it's complicated.

Think about it: 1 set of commen Controllers and Models, used by different Views.

I can always create my own security system without the smart MVC security solutions.

fjdiewornncalwe 9-Jan-13 10:51am

You are correct that you can write your own custom security system to handle it. I've just done something similar in implementing a Single Sign On system that can handle both Windows and Forms Authentication from both AD and DB based accounts. From the sound of your initial question, I was under the impression that you had two very separate applications that were simply running like virtual sub applications and were independent of each other. From your comment I would suggest the custom security system. Cheers.

willempipi 9-Jan-13 11:01am

Thanks, I'm already doing research in creating my own custom MembershipProvider, hopefully by overriding the MembershipProvider with my own custom MembershipProvider I can still use the smart MVC Security solutions... Thanks, and have nice day!

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

willempipi · Accepted Answer · 2013-01-09T09:50:00

Add this class:

C#

public class CustomMembershipProvider : SqlMembershipProvider
{
    public override string ApplicationName
    {
        get
        {
            return ConfigHelper.DomainConfig.Name; // My own applicationname according to the URL.
        }
        set
        {
        }
    }
}

Then replace the membership node in the web.config:

XML

<membership defaultprovider="CustomMembershipProvider">
  <providers>
    <clear />
    <add name="CustomMembershipProvider" type="CustomMembershipProvider">
         connectionStringName="ApplicationServices"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="false"
         requiresUniqueEmail="false"
         maxInvalidPasswordAttempts="5"
         minRequiredPasswordLength="6"
         minRequiredNonalphanumericCharacters="0"
         passwordAttemptWindow="10"
         applicationName="/" />
  </add></providers>
</membership>