473,322 Members | 1,523 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

Membership Provider for Mult apps

I have serveral applications now running that are using the
MembershipProvider classes and they are each using their own security tables
in SQL Server 2005 instead of the express databases - they are all work
well.

Now we have a need to have many different asp.net websites and web services
use a single security database because they all share the same user and
administrator community. It doesn't seem there will be a problem with all
of them accessing the same security tables. I am wondering, however, if I
will run into any issues with Authentication. We want to authentication to
work separately for the different websites - getting authenticated on one
website should not cause authentication on others. I don't know what gets
stored in the database regarding authentication.

Could there be issues with authentication in this environment? Is anyone
controlling many websites with a single MembershipProvider DB?

--
Regards,
Gary Blakely
Dean Blakely & Associates
www.deanblakely.com
Oct 11 '07 #1
3 1909
Hi Gary,

From your description, you're now using a shared central sql database for
multiple ASP.NET web applications(as the membershp .. service's storage).
And you're wondering whether it will cause the authentifcation in all those
application get messed, correct?

As for the ASP.NET application's membership authentication, though you can
share the membership user/account info among multiple applications(by using
the same provider and same backend database), the actual authentication is
relying on the authentication cookie generated by each application. Thus,
by default each application will generate their own authentication cookie
and user authenticated in one application won't be able to get
recognized(as authenticated) in another application.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
>From: "GaryDean" <Ga******@newsgroups.nospam>
Subject: Membership Provider for Mult apps
Date: Thu, 11 Oct 2007 14:49:39 -0700
>I have serveral applications now running that are using the
MembershipProvider classes and they are each using their own security
tables
>in SQL Server 2005 instead of the express databases - they are all work
well.

Now we have a need to have many different asp.net websites and web
services
>use a single security database because they all share the same user and
administrator community. It doesn't seem there will be a problem with all
of them accessing the same security tables. I am wondering, however, if I
will run into any issues with Authentication. We want to authentication
to
>work separately for the different websites - getting authenticated on one
website should not cause authentication on others. I don't know what gets
stored in the database regarding authentication.

Could there be issues with authentication in this environment? Is anyone
controlling many websites with a single MembershipProvider DB?

--
Regards,
Gary Blakely
Dean Blakely & Associates
www.deanblakely.com
Oct 12 '07 #2
Yes, that sounds right. And, if we want to share authentication between any
apps we would use the identical Machine Key entries in each web config.
This makes me wonder if somehow the "multi-authentication" capability
provided by indentical Machikne Keys could somehow be accomplished
dynamically at run time. i.e. we will authenticate this user for apps one
and three but the other user only gets authenticated for app one. ??

--
Regards,
Gary Blakely
Dean Blakely & Associates
www.deanblakely.com
"Steven Cheng[MSFT]" <st*****@online.microsoft.comwrote in message
news:Cn*************@TK2MSFTNGHUB02.phx.gbl...
Hi Gary,

From your description, you're now using a shared central sql database for
multiple ASP.NET web applications(as the membershp .. service's storage).
And you're wondering whether it will cause the authentifcation in all
those
application get messed, correct?

As for the ASP.NET application's membership authentication, though you can
share the membership user/account info among multiple applications(by
using
the same provider and same backend database), the actual authentication is
relying on the authentication cookie generated by each application. Thus,
by default each application will generate their own authentication cookie
and user authenticated in one application won't be able to get
recognized(as authenticated) in another application.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.

==================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.


--------------------
>>From: "GaryDean" <Ga******@newsgroups.nospam>
Subject: Membership Provider for Mult apps
Date: Thu, 11 Oct 2007 14:49:39 -0700
>>I have serveral applications now running that are using the
MembershipProvider classes and they are each using their own security
tables
>>in SQL Server 2005 instead of the express databases - they are all work
well.

Now we have a need to have many different asp.net websites and web
services
>>use a single security database because they all share the same user and
administrator community. It doesn't seem there will be a problem with all
of them accessing the same security tables. I am wondering, however, if I
will run into any issues with Authentication. We want to authentication
to
>>work separately for the different websites - getting authenticated on one
website should not cause authentication on others. I don't know what gets
stored in the database regarding authentication.

Could there be issues with authentication in this environment? Is anyone
controlling many websites with a single MembershipProvider DB?

--
Regards,
Gary Blakely
Dean Blakely & Associates
www.deanblakely.com

Oct 12 '07 #3
Thanks for your reply Gary,

Yes, you're right. Setting machinekey is the way to make multiple ASP.NET
application to share forms authentication ticiket(cookie). And I can ensure
you that the dynamically generated cookie won't mixed up(unless you've
manually set fixed machinekey for all the applications), this is because
the default "autogenerated" key is based on machine setting(that's
statistical unique). Also, to make multiple applications share
authentication, they need to be under the same main domain address, so this
is also a limitation, and that's not a easy thing:)

Please feel free to post here if there is anything else you wonder.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
>From: "GaryDean" <Ga******@newsgroups.nospam>
References: <Op**************@TK2MSFTNGP04.phx.gbl>
<Cn*************@TK2MSFTNGHUB02.phx.gbl>
>Subject: Re: Membership Provider for Mult apps
Date: Fri, 12 Oct 2007 11:03:02 -0700
>
Yes, that sounds right. And, if we want to share authentication between
any
>apps we would use the identical Machine Key entries in each web config.
This makes me wonder if somehow the "multi-authentication" capability
provided by indentical Machikne Keys could somehow be accomplished
dynamically at run time. i.e. we will authenticate this user for apps one
and three but the other user only gets authenticated for app one. ??

--
Regards,
Gary Blakely
Dean Blakely & Associates
www.deanblakely.com
"Steven Cheng[MSFT]" <st*****@online.microsoft.comwrote in message
news:Cn*************@TK2MSFTNGHUB02.phx.gbl...
>Hi Gary,

From your description, you're now using a shared central sql database for
multiple ASP.NET web applications(as the membershp .. service's storage).
And you're wondering whether it will cause the authentifcation in all
those
application get messed, correct?

As for the ASP.NET application's membership authentication, though you
can
>share the membership user/account info among multiple applications(by
using
the same provider and same backend database), the actual authentication
is
>relying on the authentication cookie generated by each application. Thus,
by default each application will generate their own authentication cookie
and user authenticated in one application won't be able to get
recognized(as authenticated) in another application.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

================================================= =

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
>ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent
issues
>where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each
follow
>up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.

================================================= =
This posting is provided "AS IS" with no warranties, and confers no
rights.


--------------------
>>>From: "GaryDean" <Ga******@newsgroups.nospam>
Subject: Membership Provider for Mult apps
Date: Thu, 11 Oct 2007 14:49:39 -0700
>>>I have serveral applications now running that are using the
MembershipProvider classes and they are each using their own security
tables
>>>in SQL Server 2005 instead of the express databases - they are all work
well.

Now we have a need to have many different asp.net websites and web
services
>>>use a single security database because they all share the same user and
administrator community. It doesn't seem there will be a problem with
all
>>>of them accessing the same security tables. I am wondering, however, if
I
>>>will run into any issues with Authentication. We want to authentication
to
>>>work separately for the different websites - getting authenticated on one
website should not cause authentication on others. I don't know what
gets
>>>stored in the database regarding authentication.

Could there be issues with authentication in this environment? Is anyone
controlling many websites with a single MembershipProvider DB?

--
Regards,
Gary Blakely
Dean Blakely & Associates
www.deanblakely.com


Oct 15 '07 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: John | last post by:
Hi I was working fine with create user wizard and the default membership provider. I have now customised the membership provider as per attached web.config. The create user wizard picks up the...
3
by: ad | last post by:
I have create a custom membership provider. The common usage of custom membership is set it as default Membership Provider win web.config, and use login controls with it. How can I use custom...
9
by: Paul Keegstra | last post by:
Hi, I am currently working on an asp.net 2.0 web site that is a replacement of a classic asp web site. The current web site uses a Commerce Server 2002 database for storing user information. ...
3
by: Dan Sikorsky | last post by:
Can I use SQLServer 2000 with ASP.NET 2.0 instead of SQLServer 2005, and use the .Net 2.0 Membership functionality? I've setup my Login page, controls, etc., and now it's time to use the Web...
1
by: Tony Jones | last post by:
Can I have two ASP.NET site using the same membership provider settings? For this to happen, the applicationName would have to be the same, but what about the configuration of the <properties>...
2
by: Balaji | last post by:
Hi All, Can I use more than one membership provider for a given website? I understand only one of them could be default one. If yes, then how to programmatically access the other membership...
4
by: =?Utf-8?B?Q2hyaXMgQ2Fw?= | last post by:
I have been having some trouble with implementing a custom Membership Provider. We have a custom data store and business logic that pulls user information. I need some level of functionality...
2
by: GaryDean | last post by:
My ASP.Net application, that uses the SQL Membership Provider, runs fine on my development box (server2003) as long as I use the standard provider. But, in anticipation of deployment to other...
2
by: vcuankitdotnet | last post by:
Hi everyone, We are currently under-going a new security service and the company is leaning towards using SiteMinder. My question is: why not just use the .NET membership and roles provider and...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.