Last post Mar 03, 2016 05:41 PM by aibip
Mar 02, 2016 06:50 PM|aibip|LINK
I have 2 applications using SqlMembershipProvider.
Each applications has log in using different MembershipProvider, so you can't not log in to another application using another log in. (even same user name)
Log in control specifies MembershipProvider.
However, I could go to other application once it's authenticated because of the
same user name.
Getuser method only look for user name, so the following code doesn't work. (I thought this is the way to kick out other applications user)
Dim UserIdentity As MembershipUser = Membership.Providers("MembershipProvider1").GetUser(HttpContext.Current.User.Identity.Name, False)
If UserIdentity Is Nothing Then
I tried to use ProviverUserKey for GetUser method but in order to get ProverUserKey, you need to use UserID.... Catch22 here.
Is there a option to authenticate to a specific application? (using "IsAuthenticated" possibly?)
How can I protect an application from another when username is the same since Getuser method is depending on username?
Mar 02, 2016 07:16 PM|PatriceSc|LINK
See https://msdn.microsoft.com/library/1d3t3c61(v=vs.100).aspx and try to change the name attribute so that each app creates its own cookie.
Mar 02, 2016 08:56 PM|aibip|LINK
Thank you for your reply!
Does this goes to inside web.config? Do I need to create 2 web.config and specify names??
My problems is that one application lives under one, and it will be nested web.config...
Mar 03, 2016 05:25 AM|Candice Zhou|LINK
I think you could add ApplicationId field in your AspnetUsers table. The application ID is stored in a the aspnet_Applications table in your membership database. When you first enable the ASP Memebership provider, the application name that you set in your
web.config is entered into this table. From then on, the membership provider uses your application name to determine which users can login for user authentication in your application.
You could refer to the below to code to get ApplicationId:
SELECT ApplicationId FROM aspnet_Applications
WHERE ApplicationName = (System.Web.Security.Membership.Provider.ApplicationName from the ASP.NET code)
Mar 03, 2016 05:41 PM|aibip|LINK
Candice, Thank you for your reply!
For now, I just created a Session value when a user log in to an application using a log in control.
Since another application user can't log in using the log controller, they won't be able to go to the another application without the Session value.
I'm also reserving user name for both applications just in case.
I know that this is not the perfect solution but it does the job for now...