Authentication - Multi-app And Multi-user Database
Oct 29, 2010
We have a simple ASP.NET app that uses the ASP.NET SqlMembershipProvider and all is great.
We want to create a second app on the same server, also use the SqlMembershipProvider, but a different "applicationName" so that the user accounts between the two apps are kept separate.
It looks like this would be possible by making the two different app domains (ie they each have their own web.config), but I'm hoping to just put them in different directories so I don't have 3 web.configs (one for each app, and the main one) that all have to be kept synchronized. So what I'm after is:
/web.config
/APP1 (uses membership provider in /web.config, with userlist A)
/APP2 (uses membership provider in /web.config, with userlist B)
It looks simple to define multiple membership providers that use a different 'applicationName' value.
But how do you tell the system.web.authentication node which membership provider to use?
Our current application is working fine but when you try to misbehave like we found out that When login with same user in multiple tab with different organization(there is a organization dropdown in the master page which sets the cookie whenever it is changed.) in tab one it is org 1 and tab 2 it is org2 , cookie has the later org 2 in it but when we go back in tab1(which had org1) and save the record org 2 will be saved with the record So can some one share some sort of a checklist with us which address these types of problem.
Does anyone have any pointers for implementing the following: I want to cheaply enable multi-factor authentication on an asp.net website. I want people to be able to use an app on their phone (iPhone at the very least) to generate the token used alongside their username/password to login to the site. I do not want the people to have to carry a third-party device/fob to generate the token.
I have been seeking the best way, or at least a good way, to handle Client Access for a Multi-Tenant/SaaS-type web app designed with MVC 2.There are no tricks as far as client customizations needed here. So every company will have the same experience on the app. I just need to understand how I can isolate the experience so that a logged in user only sees data relevant to his company. My tactic is that my database houses a "tenantID" column for each row so I can easily isolate the rows that way. I am wondering if the default provider using the ASPNETDB.mdf can be modified to route users to their assigned company data. I have seen examples using route paths ({tenant}/{controller}/{action}/{id}) but even those threads express doubts. So if anyone has a good method that they are comfortable with, I am all ears (or eyes).
I would like to add this feature to my web application, for the end users to chose the type of the authentication either (windows) or (Forms), and add it in the admin setting. This can be done by changing the authentication type programmatically in the code. how can I do this? Note: The user can use one type at time only.
In a multitenant system that hosts multiple organizations and applications, where an organization may use several applications hosted on the system, should my user and role model be such that a single user or role can exist across multiple applications and organizations? Or should I limit a user entity to a single organization/application pair and then define some overarching model to tie those user entities together? That is: John Doe is a person He wants to use ApplicationA and ApplicationB He works for two different companies (just bear with me), OrganizationA and OrganizationB Should the user model be:
johndoe@someuniquesuffix is his unique user name. This gives him access to both applications for both organizations. johndoe@applicationa@organizationa is his username for ApplicationA at OrganizationA. [URL]is his username for ApplicationB at organizationA...and the same for OrganizationB. Then have some "master" list that says that all 4 user accounts for the apps/orgs correspond to the same actual "person", John Doe?
The same scenario(s) described above applies to how I will design my Role schema.
in my web application, what i did is when the user login, i check the username and password to the database, if user name and password match then allow to visit next pages and store the user name on Session, now my doubt is more then one user can use the same username and password(if they are friends then they shared their uname and pwd) so, how to avoid multiple use login?
The content of the web site I am creating is expected to store data for multiple languages. What I mean by the content is the actual data stored in the database (SQL Server 2008 R2). For example I have a database table to store available packages and one of the columns in this table is the description which is shown on the web site. This description should be stored in multiple languages for example (en, fr, de). What is the best way(s) to get this done, I can of course have the same table with multiple columns (each column representing a single language) and code the data access layer to load the proper column based on the current language, but is there an easier way? An ideal situation is where like in ASP.NET the database automatically detects the current language and return the proper column
I am developing a web application. This application is fully customised based on the user settings. Suppose, application hosted on [URL] and user can signup on the website and it will get the domain like [URL] and for user2 will be [URL] so and so forth. so in this case how would I maintain the session for each user? each user will be representing a single website along with public interface and admin pages.
what I am thinking is to store all the setting (for each user) in the database and then when ever server received request then get the user info from the URL (first time only and after get it from the session) and get user details but I am not very much satisfied with this approach.
I am working with asp.net 2.0 and sql server 2005. so trying to describe it below:
THE SITUATION
I have a few tables to hold data for billing information. The first table has each dedicated to each location, and a serial number that can be incremented. The concept is to update this data based on location, every time there is a new bill, so may be location A has serial 25 since it is doing well but location B has serial 5.
THE PROBLEM
SO based on this requirement I need to update a table to get the latest serial for a particular location and then use that serial for other tables which will be holding the billing details. The second part is as regular as it can be, but generating a new number, and getting this value is my problem. Since this will be multi user system, so I want some robust solution. I do not know whether I can use a identity field for this purpose or not.
I have a webservice which of course has to be .net 3.5 (a side note is does anyone know why you can't create a webservice using .net 4.0?).
Anyhow it is using entity framework, which I have recently discovered was a really bad mistake to try to use this in .net 3.5.
I have a table "Licenses" with the following columns: LicenseKey, ProductCode, OrderID, Seq, UserName.
In my asp.net 4.0 application I can simply do the following to perform an update:
[Code]....
But it appears there is no ExecuteStoreCommand in .net 3.5 with entity framework. Can anyone explain to me how to accomplish the same thing? The thing I need to point out is that because this is a multi-user access service. I need to verify that SQL will only update the given record where OrderID and Seq is what I tell it ONLY if the UserName is already null. So if two users process the same statement at the same time only one would work and the other would not because the sql should fail (or return 0, rather than a 1) for the second one.
I am looking at a design pattern which has come up in quite a few of my firm's projects.It has historically functioned correctly, however I have heard some other developers argue that there is a possibility of session corruption using this pattern. I'm looking for insight from other .NET developers here on Stack Overflow. Basically, there's a class -- usually either static or a Singleton pattern, depending largely on the developer who wrote it -- stored in App_Code.This class encapsulates access to the current session via properties.All of these properties take the form of:
[code]...
However,because this is just a static entry to HttpContext.Current.Session,it seems like it should be safe, as it is not fundamentally any different than the Page class encapsulating this in the Session property.As I said,no other site on which my company has worked that used this pattern saw it ever have any issues -- and that includes some pretty large and highly active userbases.But I want to just get a fresh perspective. Are there potential multi-user issues, race conditions, or other failings/flaws which specifically could cause session corruption in the above pattern?
I've got a system where tasks get loaded and assigned to staff members.
I'm thinking of how I would like to somehow refresh a client page for a staff member if a new task gets assigned to that staff member. Some clerical people will be loading and assigning tasks to staff members.
How have you all handled this type of refresh in a webby environment. I'm fully jQuery and Ajax so I've got the tools...
Means if i have two columns in database namely name & email
i wanna search the users or email by entering either name or email on textbox then after clicking the search button record will be displayed in gridview ?
I need to create a singleton that would hold lots of data for a spedesign patterns - Singleton behavior with multi-user requests in ASP.NETcific user. However, I am not unclear as to what the behavior of that singleton is in regard to multi-user app requests.
Here is the scenario:
On AppStart event I want to load common data for all users (from SQL) and store it as a collection somewhere within the ASP.NET storage mechanisms.
If I store that data in the cache, I would also have to create a static property in the Global.asax that would provide access to that the data from the cache.
This is not ideal because whenever an instance of any particular page, or generic handler, or what have you tries to query this data using Linq the property has to load the data from the cache... introducing latency. I need this data to be immediately available. (think of it as about 5K rows of data stored in collection of objects...)
I was thinking to use a singleton to get that data, and store it but I don't know how it would behave between requests (and postbacks), as well as application instances, in terms of its persistence.
On PostAuthenticate event I want to get user specific data from SQL in the form of a collection. If i store it as a singleton (in a similar manner as the common data) i am not clear as to:
How is the data persisted? What is the scope of that singleton (it should be for the duration of the user session). How can I ensure that the data is immediately available to whatever needs to consume it? What happens between post-backs to that singleton? If another user logs in would another instance of that singleton be created for that specific application instance?
I have to choose between Server.transfer and Response.redirect for an Intranet application for navigation. I have chosen Server.Transfer as of now because it avoid extra round trip to server and which will help when so many users will be accessing the application. (I believe this is the main difference between reponse.redirect and server.transfer). But the problem is now that URL won't change on Server.Transfer(I don't want to implement Http headerS, as I am afraid it will take time to implement that).on redirection, I want to do something like taking benefit of server.redirect(in avoiding server processing, which happens in response.redirect) and changing the URL(as it happens in reponse.redirect).Can anyone please suggest a quick solution to it or may be help me Telling How many users can reponse.redirect can support ?
im creating a multi step create user wizard for new members but I run into a problem. If the create of an account is in step 3 how do I capture the values from step 1 and 2. Should I try to pass the values to sessions or is there some other code. Here is some codebehind I tried so far (did not work).
how to do multi search in asp.net ex: i had database include name,location,date,salary i when to search for any of select ex: name and date or location only or name and location filixible search determ by user.
I'm trying to do some multi-threading in my asp.net web site. But I'm having trouble getting my child thread to interact with my main thread. In the following very simple example I would expect that, 3 seconds after clicking the button, the "Hello World" text would be displayed on my page and on my label. Instead, after a few seconds, I get the following error in a pop-up box "WebDev.WebServer20.exe has stopped working - Windows is checking for a solution to the problem.". I am running Visual Web Developer 2010 Express. If you know why I'm getting this error and if you know how to fix the problem respond.
I have a web application which is sort of a reporting portal. I have a ReportViewer.aspx page which has the crystalreportviewer control on it, and i am using the same viewer to show different reports. The reports are made by someone else altogther so i just have a .rpt file which i have included in my project.
I am giving the report datasource dynamically so there is no static data binding.(passing the parameters dynamically as well)
The reports usually have more than one page.
The problem is when i move to the next page, there is a postback and it does all the databinding again.
If i save the reportdocument object in session and check IsPostback and just get it out of the session, it works fine.
The question is whether this is the correct way of doing it. coz if i open a new tab and see the same report i will end up losing my first report...(i could avoid this by doing some whacky session management like passing a guid in the querystring and then retrieving the correct report object) but still is this the right way?
