I created a custom Membership provider (Membership ToolKit) and added methods like:
public MembershipUserCollection GetAllUsers(string applicationName,
int pageIndex, int pageSize, out int totalRecords)
{
// Returns MembershipUserCollection
}
Methods like these help in managing the entire Membership data storage for all applications.
I plan for the developers on my team to use this Custom Provider to connect and use the Membership database for their own applications. This way I store users for all applications in my group in one place.
Developers have the following in their web.config:
<add name="MyMembershipProvider" type="MyMembershipProvider,
MyMembershipProvider" connectionStringName="MembershipConnectionString"
applicationName="MyApplication" passwordFormat="Clear" />
The problem I can foresee is the developer accidentally using a different applicationName in the web.config and changing data for users in a different application.
Is there a way of preventing this?
My thoughts are:
- Restrict access on DB level, perhaps on row level?
- Assign different DB logins for each application?
- Maintain two sets of Provider DLL, one for developers and other for entire DB management.
I look forward to thoughts and suggestions.
Thanks