Multiple membership providers, one user - asp.net-mvc

I am learning ASP.NET MVC 3 and trying to create a web application where users can upload some data and manage it.
Here is my problem:
I need to associate users to data in my database therefore I need users to have unique ids. However, users need to be able to log in from multiple membership providers (sql and ldap). So I can't assume their ProviderUserKey is unique nor can I assume what type it is.
What I need is some way to merge the users provided by the different membership providers into one user class that has unique user ids usable in my database. Can anyone give me some pointers on how to do this?
I am new to ASP.NET MVC 3 framework, so I don't know if something like this already exist or not.
E: I want the business logic to be oblivious to how the user logged in. It shouldn't matter to it.

Their ldap email address could provide a good unique identifier, I have used this in a similar situation.

Related

How to convert your Exiting MVC application into a SAAS model

We have an application hosted in Azure and it works just fine. This application is based on MVC4 along with SimpleMembership and Entity Framework with Code first. When the application is hosted in the web it just works. Code first creates DB, Roles and the Admin user.
Now we have a requirement of providing the same application to different Companies on a SAAS based Model. For that we had two approaches.
We can store the information of all the companies on the same database.
We can store the information each company in their own and separate database.
We want to go with the second approach so that each company will have their own Database. Each time a company register a separate database for them (But there will be only one web application) will be initializes and their Roles and Admin user will be created. So that when a person of that particular user logs in they will operate with their own database.
But the problem arises when any method or properties from the WebSecurity class is called from the SimpleMembership provider. Lets say an user from company "ABC" is logged in we can initialize the WebSecurity.InitializeDatabaseConnection() to use the DataBase associated with te ABC Database. Whe some one else logs in from another Company lets say "XYZ" company we need to tell the WebSecurity to use the database associated with XYZ Database. Now as WebSecurity is initialized with the ABC Database it does not work with XYZ databse and twrowing an error saying WebSecurity can only be initialized once.
Now can you please help me figuring out a way so that my WebSecurity can work with dynamic Context then that will be great. Or you can let me know a solution to work with multiple databases. Please note that we do not want to restructure our app and re write it from the beginning.

Multitenant application - access for users who do not belong to a specific tenat eg: Customers

I'm working on a multitenant project management application in ruby on rails and am a bit bogged down with implementing access for users who might not belong to a specific tenant.
For example we have the users Bob and Martha and they belong to a tenant A - alternatively there are two other users namely Jim and Jill who belong to Tenant B. Now we have a client called Mark who is a client to both tenants. Both tenants have projects and I need to build in an accessible form for the client so the client can sign in and view his projects. The thing is that I don't want and obviously no client would want a seperate login for each tenant here. I'm interested in coding the tenant management by myself here however I'm a bit bogged down on how to implement this.
I'm implementing row based tenancy i.e every model would have a reference to the tenant model here and signed in users can edit and add whatever belongs to their tenant. However with respect to a client or a possible case of a consultant user who might require access to more than one tenant - how do I set up the structure here.
Ideally a client would want to be able to sign in and view a list of all projects differed by tenant/company. How can I set up this structure? Also I want to keep this open ended such that it is possible that a user from TenantB might also be a client to TenantA.
The thing is that I don't want and obviously no client would want a seperate login for each tenant here.
They actually do want this, mainly for legal, auditing or security reasons.
Multi-tenancy exactly means the separation of data. So during login or right after that you choose a tenant. After that you only see data exactly of this tenant. There is no break-out later: It's possible to switch to another tenant, but not to merge data of different tenants.
If this is not what you want, consider to redesign your data model: There could be assignments between projects and persons. Customers can have their "own" projects by having a foreign key in projects linking back to the customer. This data model approach differs from using a multi-tenancy approach which is actually a technical means to separate data on row or instance level.

HOWTO implement multiple portal in ASP.Net MVC

I am working on designing a web application for our customers where each customer has a unique portal into the system. Each customer needs to be able to manage their own set of users without concern for other customer's users, thus two different customers need to be able to both have a user jasonsmith.
At the same time, one customers show NOT have any knowledge of the other customer's existences, nor that this is a multi-customer system.
What are the standards today for implementing such a system? Where should I go to learn more about how best to implement such a system.
What you are talking about is called multitenancy.
There are several approaches to this.
Most common approaches are:
Single database
All tenants share the same database. You'll therefore have one tenants table with the information about all tenants. All other tables uses the tenantid as a foreign key.
The problem is that you have to make sure that the user only accesses it's own information (the user can for instance try to change the id in the uri). You'll therefore have to validate each object that the user has tries to access.
Multiple databases
Some database engines (like RavenDB) can handle several databases without a problem. That means that each customer get's its own database (which you load at the beginning of each request after the user have been identified).
So you'll have one db users during the authentication to be able to identify the tenant and one database per customer.
The upside with this solution is that it's impossible for the tenants to access each others database. (unless they've hacked the account)

ASP.NET MVC Roles without database (and without role provider)

I have a super simple ASP.NET MVC application that uses RpxNow (OpenID) to allow users to login. I now want to let users edit their own account and provide administrator access to edit anyone's account.
I have two separate "Edit Account" views:
~/account/edit/
~/account/edit/1
The first loads the account details based on the logged in user. The second loads the account details using the supplied AccountId. The first would be for standard users, and the second for an administrator.
Firstly I need to define the roles (User, Admin) and then I need to assign a user account (or multiple) to that role.
Then I need to check the role in the controller. I like this concept:
http://schotime.net/blog/index.php/2009/02/17/custom-authorization-with-aspnet-mvc/
So, down to the questions:
Is there a simple way to define a list of roles in the web.config?
Is there a simple way to define which users are in which roles in the web.config?
Is there a way to do this WITHOUT using Membership / Role providers?
Am I approaching this from the wrong perspective? Should I be partioning the application into two branches and securing them based on folder authorisation?
I'm not a friend of storing authorization data in web.config. I prefer storing it in database or other xml files.
Have a look at Xml Membership / Role Provider. This uses Membership / Role for reading userdata but it shows a way storing and reading user authorization data from xml files.
Braching the application woulded move the issue and not solve.
Remember that the entire permissions plumbing still really revolves around IPrincipals, the Role/Membership providers are just window dressing to allow most applications to not have to write that plumbing code. In this case, you could easily add a database-backed (or just static if the list is short enough) list of roles and a list of users in roles and query that. Wrap it up behind a custom IPrincipal and stuff that puppy in there at the appropriate place and you are golden.

How should I handle Authorization/Authentication in my Asp.net MVC app?

I am creating an Asp.net MVC application and I'm currently using the built in Authentication/Authorization code that comes with the sample MVC app. For the most part this is working ok and I kinda understand what's going on.
What's concerning me though, is that now I kind of have my users stored in two different tables across two databases. i.e. I have users in my App's database that represent the "Customer" entity in the application, as well as the "User" in the Authentication database that's used to log in someone to the app.
Should I take the logged in user's User.Identity.Name value and do look up in my Customers table or should I merge them into one table? What's the best practice way of handling this?
Please forgive my ignorance - this is the first time I'm working with a system like this.
Any feedback is greatly appreciated!
It's helpful to think of credentials and the records that associate a person to application data as two very different things. Depending on the application, your Customer may not have credentials to log in or you may have an administrative User that logs in but isn't related to your application data.
Separate credentials are also useful if Users access more than one application with different rights for each.
For these reasons, I'd keep Customer and User separate and look one up from the other where appropriate.
You can extend the .Net Membership Provider to take all the information you want and post back in a single model I think.
See this one ASP.net Profiles and Membership - Custom Providers or should completely I roll my own?
And this one How to implement ASP.NET membership provider in my domain model

Resources