Forms auth: have different credentials for a subdirectory?

My site has forms authentication, and all is well. Now I want to create a subdirectory and have it password protected as well, but I need the subdirectory to use a completely different set of logins/passwords than the whole website uses.

Say, for example, I have users for a website stored in the "Users" table in the database. But for this subdirectory, I want users to be taken from the "SubdirUsers" table. Which probably has a completely different structure.

Therefore, I need the logins to be completely parallel, as in:

  • Logging into the entire site will not also log you into the subdirectory
  • Pressing "logout" on the whole site does not nullify your login in the subdirectory
  • And vice versa

I do not want to create a separate virtual application for the subdirectory, because I want to share all the libraries, user controls, as well as the application state and cache. In other words, it must be the same application.

I also don’t want to just add a flag to the Users table, indicating whether this is an entire website user or a user of a subdirectory. User lists should come from different sources.

Currently, the only option I see is to roll my own forms authentication for the subdirectory.

Can anyone suggest a better alternative?

+4
source share
7 answers

I think you can use this code to verify a user with any provider.

    if (Membership.Providers["myprovider"].ValidateUser("USER", "PWD"))
    {
        // your code
    }
+1
source

You can have a separate web.config file in a subfolder that includes only scan options for this subfolder. Please note that you must delete all other settings, as there are some parameters that can only be at the application level.

 <authorization configSource="alterativeSource.xml"/> 
+1
source

You simply cannot achieve this with FormsAuthentication.

This problematic scenario is an ideal candidate for using HttpModules. HttpModules can intercept the request and response pipeline. You will need to write 2 HttpModules.

  • HttpModule for authentication
  • HttpModule for authorization

You can combine these modules at a later time as soon as your solution reaches a stable state, and you can easily cope with the complexity.

In your solution, you will need a database engine that stores data about the subdirectory and user authorization and authentication mapping data. Your HttpModules can read this data, deciding on the user request.

You can start from here.

0
source
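
The approach from the answer above, with authentication and the per-folder check folded into a single module, as an added example that is not code from the original thread. The cookie name, folder, login page and marker value are assumptions; "myprovider" is the provider name used in an earlier answer and is assumed to be backed by SubdirUsers; the module is assumed to be registered in the root web.config after the built-in modules, and the folder is assumed to allow all users in URL authorization.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Added example: second, independent login for ~/subdir/ inside the same application.
public class SubdirAuthModule : IHttpModule
{
    const string CookieName = ".SUBDIRAUTH";        // assumed; must differ from the site-wide cookie
    const string Area = "~/subdir/";                 // assumed protected folder
    const string LoginPage = "~/subdir/login.aspx";  // assumed login page
    const string Marker = "subdir";                  // binds a ticket to this area

    public void Init(HttpApplication app) { app.AuthenticateRequest += OnAuthenticate; }
    public void Dispose() { }

    // Called by the login page; "myprovider" is the provider backed by SubdirUsers.
    public static bool SignIn(HttpContext ctx, string user, string password)
    {
        if (!Membership.Providers["myprovider"].ValidateUser(user, password)) return false;
        var ticket = new FormsAuthenticationTicket(1, user, DateTime.Now,
            DateTime.Now.AddMinutes(30), false, Marker);
        var cookie = new HttpCookie(CookieName, FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;
        cookie.Secure = true;                               // assumes the site is served over HTTPS
        cookie.Path = VirtualPathUtility.ToAbsolute(Area);  // never sent outside the folder
        ctx.Response.Cookies.Add(cookie);
        return true;
    }

    static void OnAuthenticate(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        string path = ctx.Request.AppRelativeCurrentExecutionFilePath;
        if (!path.StartsWith(Area, StringComparison.OrdinalIgnoreCase)) return;
        FormsAuthenticationTicket ticket = null;
        HttpCookie cookie = ctx.Request.Cookies[CookieName];
        try { if (cookie != null) ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { ticket = null; }  // tampered or malformed cookie: treat as anonymous
        // The marker check rejects a site-wide ticket copied into this cookie.
        bool valid = ticket != null && !ticket.Expired && ticket.UserData == Marker;
        // Replace whatever the site-wide login set, so it never carries into the folder.
        ctx.User = valid
            ? new GenericPrincipal(new FormsIdentity(ticket), new string[0])
            : new GenericPrincipal(new GenericIdentity(""), new string[0]);
        if (!valid && !path.Equals(LoginPage, StringComparison.OrdinalIgnoreCase))
            ctx.Response.Redirect(LoginPage);
    }
}
```

Both cookies are protected with the same machine key, so the marker only covers one direction: keep user names issued for the folder from colliding with site-wide user names (for example with a prefix) so a folder ticket cannot stand in for a site-wide one.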

I could see a better answer if your users were in the web.config file, but since you are using users in the database, you will have to use something besides forms authentication to a large extent. You need to set up the subdirectory to allow all users, and then basically rebuild forms authentication with sessions. You can subclass the page class and use it to store all your routines for authentication and redirection. Then you will not need to add anything to each page in the subdirectory.

I know this is an answer that you probably hoped to avoid, but forms authentication is too simple to handle this complex situation.

0
source

Usually, "authorization" is used after logging in to determine which directories, resources, etc. can be used by this user.

Have you looked at creating a role for the main directory and a second role for the "sub" directory, and then applied an authorization tag (ie in web.config)? You will need to implement an authorization provider, but it looks like this might be a better long-term solution than having multiple user tables.

Clarification: Regardless of authorization (for example, checking credentials or password, etc.), you still need to define user roles somewhere, so for the sake of argument, you can take a "user table". (Nothing prevents this from being an XML file in isolated storage, if you like.) NB: It doesn't really matter that users come from different sources. This should be reflected in the schema for the user table (i.e., Flag or other column, etc.). If you struggle with this general pattern, you are likely to finish the job in the long run.

When there is one exception, there will probably be another in the future.

0
source

It may help you - numina.codeplex.com

0
source

I have not tried it, but I think it will work.

You can have two membership providers (i.e. ASPNETDB_1 and ASPNETDB_2.)

They are listed in the membership provider section of the web.config file. Therefore, you need a separate web.config in each subdirectory, which, as I know, you can do.

At the root of the site, I assume that you will not have authentication. You can only have a start page that asks the user to select a subdirectory (or you can simply use subdomains (firstdir.mysite.com, secondir.mysite.com) or http://mysite.com/firstdirectory or http://mysite.com/secondirectory).

I am not sure about the advantages of this method with respect to virtual directories, although, besides the fact that root can contain some ASP programs that do not require authentication.

I understand that you are looking for a solution "out of the box" and do not want to "roll your own." However, a standard membership provider allows you to set a profile for each user - then it is very simple to configure one form of user service using a list for each of your individual user service functions and filter by role or profile value (for example, organizational identifier). Using the classes of membership providers, I personally found it very easy to do out of the box (maybe an hour to create support forms, if this is using all drag and drop controls, SqlDatasource + listview - no VB or C coding is required). But individual providers and webconfigs could do the trick too.

0
source

Source: https://habr.com/ru/post/1304223/
