tags:

views:

29

answers:

2
Q: 

ASP.NET Membership - Is Switching the Application Name in the Web.Config a good idea?

Hi Guys,

I came up with an interesting way to solve the following problem and I want to know if there is a better way to achieve my objectives.

Basically, I'm creating a basic cms system users can register for their own microsite and have their own users. I'm using the asp.net membership api.

I wanted a way to isolate users of the various microsites from eachother so that a user authenticated with www.mysite.com/johns-site wouldn't also be authenticated with www.mysite.com/pauls-site.

I also wanted a way to associate a username with a microsite so that if a user is registered as bob on one site, it doesn't stop another user registering as bob for a different microsite.

To achieve this, I noticed that in the asp membership tables a user belongs to an application. Every time I receive a request, I have a method that switches the applicationName in the web.config based on the url.

This does meet my objectives in an easy way but feels a bit hacky. Is there an alternative way to switch applications for the membership provider?

+2  A: 

It is possible to get/set the ApplicatioName property at run time however according to the below MSDN post it is not recommended as the property is not thread safe i.e. if multiple users are creating accounts for different applications at the same time it may not correctly allocate the ApplicationName per user.

Syntax:

Membership.ApplicationName = "MyAppName"

OR

Membership.ApplicationName = "MyAppName";

Further reading:

http://msdn.microsoft.com/en-us/library/system.web.security.membership.applicationname.aspx

Note:

You are updating the contents of the web.config file from the application code? If so this is most certainly "hacky". Plus editing the web.config will drop any active sessions (if your app uses session state of course).

BradB  2010-09-26 23:51:03
Good point about the sessions. I forgot about that. Is there another way to achieve the kind of isolation between users in a shared database like this? I guess I could create a single role for each microsite but I still wouldn't be able to have the same usernames across different microsites.
mancmanomyst  2010-09-27 00:45:42
How about applying a naming convention to the username? E.g. <username>@johns-site.com or <username>@pauls-site.com. I don't know how you are currently allocating usernames but this approach my offer a very simple workaround.
BradB  2010-09-27 09:08:55
A: 

I agree, it is a hack that will likely make you pay at some point.

The proper way to accomplish this would involve each virtual directory (or microsite as you say) each defining a <membership> element with the same connection string but different applicationName attribute.

Sky Sanders  2010-09-27 14:29:11

related questions

after running aspnet_regsql.exe , do I have to init the db with data? how?
Not using e-mail address in a custom MembershipProvider?
How to pass the current user to a web control declaratively
How do you rename a Role using Membership in .NET?
What encryption algorithm does the .net membership provider use?
Membership.GetUser() & MARS
Web.config editing for Membership Role Authorization
Globalization of Membership exceptions isn't taking place... What to do?
OpenId development while disconnected from Internet
programmatic login with .net membership provider
Addin extra properties to MembershipProvider
ASP.Net Providers from web server in DMZ
ASP.NET PasswordRecovery Control with Localized content
Examples of asp.net mvc and authentication
ASP.NET Membership for high security scenarios?
ASP.NET Forms Authentication With Only UserName
What to use for membership in ASP.NET
How can I wrap a transaction around Membership.CreateUser?
New site creation and security/authentication,- should I use ASP.net Membership Provider?
ASP.NET WSAT (Website Administration Tool) and Custom Membership Providers
How do you manage asp.net SQL membership roles/users in production?
How to access UserId in ASP.NET Membership without using Membership.GetUser() ?
Can I use OpenId with the ASP MembershipProvider?
How do you pass an authenticaticated session between app domains
Class design decision