Security :: How To Use Duplicate User Names With The Same Database Over Different Domains
Dec 11, 2010
We are buling a hosted ecommerce shopping cart solution and I would like to use asp.net's built-in membership provider. We dont really want to have a seperate database for each domain, we want to share the same database across mupltiple domains for different customers. Each domain is a seperate store.
My problem is that since it's a shared hosted solution people coming from different domains might use the same user name and it would show as if already existed. Is there an addional field I can use to store the domain name so basicly would be unique by username and domain name. We don't want to share information between stores.
I'm trying to find out how i store user names and passwords in the web.config file. I have tried looking for documentation on this but haven't found any so far.
I see in the class library it says that the Authenticate method of the FormsAuthentication class is for use in authenticating credentials against those stored in the config file, but i don't know how to store them there to begin with. I want to store two username:password pairs in the web.config file preferably encrypted.
one of these username:password pairs i want to be hard coded. The other i want to be able to be reset with a password reset form which I will code later. I guess there maybe a method for creating a sername:password entry in the web.config which could be used with my password reset form if such a method exists. But I need to know how to hand code the username:password entries into the web.config file to begin with and to beable to create the hard coded pair.
code I need to add to my web.config file i need to add and in what section?
also can you point me in the direction of a method used for creating username:password entries in web.config
In my application I have controller named `Snippets` both in default area (in application root) and in my area called `Manage`. I use T4MVC and custom routes, like this:
I'm using SqlMembershipProvider and SqlRoleProvider for user management.
Users are created by
Dim MCS As System.Web.Security.MembershipCreateStatus Dim NewUser As MembershipUser = Membership.CreateUser(TB_UserName.Text, TB_Pw.Text, TB_Email.Text, TB_SecQuestion.Text, TB_SecAnswer.Text, False, MCS) later, after email confirmation, I take the user into a specified role Dim myUser As System.Web.Security.MembershipUser = Nothing myUser = Membership.GetUser(New Guid(Request("RegID")))Catch If myUser IsNot Nothing Then myUser.Comment += " approved " Membership.UpdateUser(myUser) Roles.AddUserToRole(myUser.UserName, "role") End if
After this I have two entries with the same UserName in aspnet_Users table, but with different UserId's. One UserId is referenced in aspnet_Membership table and the other in the aspnet_UsersInRoles table.
I have a web app located at [URL] and I have several domains, such as [URL], [URL], etc. all pointing to the same directory in IIS. I use Host Headers to acheive this by setting the 'Host Header Values' under properties for the main site (under the Web site identification section). Based on the host header value I perform different functions in my pages.
Because of the way I have it set up, all the domains share the same files, web.config, etc. I have set the 'machinekey' in my web.config and have forms authemtication. However, when I go to MyMainSite.com and log in and then the user clicks a link and gets directed to MyFirstSite.com the user is shown as logged out. I need the user to be logged in and I need to be able to access the logged in user profile to display certain information. I thought by setting the 'machinekey', i could acheive this, but it does not seem to work.
how to go about having a single log on for my users?
The articles I have found show the same domain or have different domains each with a different web.config. The way they describe does not seem to work for me.
I've set up an ASP.NET MVC application for my company's Intranet that grabs the user's NT creds via System.Web.HttpContext.User and checks against its own database to perform authentication/authorization.This works just fine on my local machine, and I assume it will also work once deployed to the production server, but the development server is on a different domain than the users. While trying to test the app, Iget prompted for a username and password, which isn't supposed to happen. Worse, entering my login creds still doesn't work. I'm deploying a MVC 2 application to an IIS 6 server.The steps I read to take to get Integrated Windows Authentication to work included putting these lines in my Web.config file:
[Code]....
Then, on IIS in Directory Security uncheck the checkbox that allows anonymous authentication, and make certain that only Windows authentication is checked in the access methods section. I've done these things, but since I'm dealing with cross-domain authentication, it's dead in the water. I tried a Google search, and I'll continue with this, but I haven't found anything yet. I'm not incredibly savy when it comes to domain issues, so I might have seen a possible solution and not recognized it.
read a cookie of a site with a different domain? I am currently trying to avoid an extra of step of logging into a website that I am currently developing.
Want the forms based auth to persist (they use the same database for membership)
I tried to simply add a "." before the domain name in the forms tags (see below for example) - but this didn't work - it acutally prevented me from logging in at all. how i can persist the login? Does the admin need the same values for "name", "path" and "domain" as the main site?
im using visual studio 2008. my requirement is to implement single sign on across many domains without using cookies. is this possible? for example, i have 3 domains (hosted in 3 different systems). www.domain1.com www.domain2.com www.domain3.com and cookies are disabled. i implemented single sign on with cookies, if the sites are hosted in single system then it is working. but it doesnt work if cookies are disabled. i tried all made all possible google searches, but couldnt find anything useful.
Our application lets the administrator create new users. Since the administrator is logged in, I have set Logincreateduser = false so that the administrator is not logged out even after creating the new user.
The problem is :I need the userid of the newly created user to store additional details of the user in another database table. I see that i can get the username using Createuserwizard1.username; but how do I get the userID?
I am using the System.Web.ApplicationServices.AuthenticationService for Form Based Authentication.
The authenication is done by .LoginAsync based on the user roles got by .GetRolesForCurrentUserAsync.
How to query the database to get a list of all users in the system? I need the list to populate a combobox so the users can pick a contact within the system to connect to instead of simply typing the names and hoping for no typos.
I am using the create user wizard to create users that are then placed in the ASPNETDB database. Is there a way to delete users in the same fashion? I am using Visual Studio 2008 VB.NET.
i have using aspnet DataBase, and i know that i can Check if the User is OnLine or not By Using Membership.GetUser.isOnLine; this is when invoke method in asp.net Page , But i want to Know if there is another way to Check If the User OnLine or Notfrom aspnet dataBase
I have DropDownList displays all server present in my network I want to populate the databse names when i changed it into another dropdown I want a LINQ query to get this.
I have a problem with SqlMembershipProvider. I have already created database aspnetdb. I need to add new user to database however one error occured. This is my web.config file:
I would like to know how I can verify a user's credential against an existing asp.net membership database. The short story is that we want provide single sign on access.
So what I've done is to connect directly to the membership database and tried to run a sql query against the aspnet_Membership table:
[Code]....
The problem is the password value, does anyone know how the password it is hashed?
I have been working with this database for some time. Here is the situation...
I inherited a MS SQL database that has hundreds of tables with similar data. For instance:
FordTampa_customer is a table,
ChevyAtlanta_customer is a table, etc....
All of the columns are the same...just different tables with their own ID field. All I have done...Inside of another database id is created a table called 'Customer' and added an 'Dealer ID' column along with the rest of the other columns in the other tables...
So the combination of the 'Dealer ID' and the 'ID' field are unique.....I know...its not the best way to do things...but I cannot change the old data structure because I cannot have access to it. I am give back-ups on a weekly basis, so this is all I have to work with.
All right, on to the real point of my post...
Currently, I have an application that I use to select all of the data from the 'Ford_customers','Chevy_customers',etc... and inserts them into my new main 'Customer' table. I do this by selecting the table names, bind it to an arraylist, loop through the list and execute an insert statement.
I do this in VB.NET, but I would prefer to do it in a Stored procedure of some kind....I just am not sure how to accomplish it. I use this syntax to get my list of tables:
[Code]....
I am not sure how to take those names from the table and do another select based on that list of names.