By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
446,190 Members | 772 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 446,190 IT Pros & Developers. It's quick & easy.

Membership Provider for Mult apps

P: n/a
I have serveral applications now running that are using the
MembershipProvider classes and they are each using their own security tables
in SQL Server 2005 instead of the express databases - they are all work
well.

Now we have a need to have many different asp.net websites and web services
use a single security database because they all share the same user and
administrator community. It doesn't seem there will be a problem with all
of them accessing the same security tables. I am wondering, however, if I
will run into any issues with Authentication. We want to authentication to
work separately for the different websites - getting authenticated on one
website should not cause authentication on others. I don't know what gets
stored in the database regarding authentication.

Could there be issues with authentication in this environment? Is anyone
controlling many websites with a single MembershipProvider DB?

--
Regards,
Gary Blakely
Dean Blakely & Associates
www.deanblakely.com
Oct 11 '07 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Hi Gary,

From your description, you're now using a shared central sql database for
multiple ASP.NET web applications(as the membershp .. service's storage).
And you're wondering whether it will cause the authentifcation in all those
application get messed, correct?

As for the ASP.NET application's membership authentication, though you can
share the membership user/account info among multiple applications(by using
the same provider and same backend database), the actual authentication is
relying on the authentication cookie generated by each application. Thus,
by default each application will generate their own authentication cookie
and user authenticated in one application won't be able to get
recognized(as authenticated) in another application.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
>From: "GaryDean" <Ga******@newsgroups.nospam>
Subject: Membership Provider for Mult apps
Date: Thu, 11 Oct 2007 14:49:39 -0700
>I have serveral applications now running that are using the
MembershipProvider classes and they are each using their own security
tables
>in SQL Server 2005 instead of the express databases - they are all work
well.

Now we have a need to have many different asp.net websites and web
services
>use a single security database because they all share the same user and
administrator community. It doesn't seem there will be a problem with all
of them accessing the same security tables. I am wondering, however, if I
will run into any issues with Authentication. We want to authentication
to
>work separately for the different websites - getting authenticated on one
website should not cause authentication on others. I don't know what gets
stored in the database regarding authentication.

Could there be issues with authentication in this environment? Is anyone
controlling many websites with a single MembershipProvider DB?

--
Regards,
Gary Blakely
Dean Blakely & Associates
www.deanblakely.com
Oct 12 '07 #2

P: n/a
Yes, that sounds right. And, if we want to share authentication between any
apps we would use the identical Machine Key entries in each web config.
This makes me wonder if somehow the "multi-authentication" capability
provided by indentical Machikne Keys could somehow be accomplished
dynamically at run time. i.e. we will authenticate this user for apps one
and three but the other user only gets authenticated for app one. ??

--
Regards,
Gary Blakely
Dean Blakely & Associates
www.deanblakely.com
"Steven Cheng[MSFT]" <st*****@online.microsoft.comwrote in message
news:Cn*************@TK2MSFTNGHUB02.phx.gbl...
Hi Gary,

From your description, you're now using a shared central sql database for
multiple ASP.NET web applications(as the membershp .. service's storage).
And you're wondering whether it will cause the authentifcation in all
those
application get messed, correct?

As for the ASP.NET application's membership authentication, though you can
share the membership user/account info among multiple applications(by
using
the same provider and same backend database), the actual authentication is
relying on the authentication cookie generated by each application. Thus,
by default each application will generate their own authentication cookie
and user authenticated in one application won't be able to get
recognized(as authenticated) in another application.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.

==================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.


--------------------
>>From: "GaryDean" <Ga******@newsgroups.nospam>
Subject: Membership Provider for Mult apps
Date: Thu, 11 Oct 2007 14:49:39 -0700
>>I have serveral applications now running that are using the
MembershipProvider classes and they are each using their own security
tables
>>in SQL Server 2005 instead of the express databases - they are all work
well.

Now we have a need to have many different asp.net websites and web
services
>>use a single security database because they all share the same user and
administrator community. It doesn't seem there will be a problem with all
of them accessing the same security tables. I am wondering, however, if I
will run into any issues with Authentication. We want to authentication
to
>>work separately for the different websites - getting authenticated on one
website should not cause authentication on others. I don't know what gets
stored in the database regarding authentication.

Could there be issues with authentication in this environment? Is anyone
controlling many websites with a single MembershipProvider DB?

--
Regards,
Gary Blakely
Dean Blakely & Associates
www.deanblakely.com

Oct 12 '07 #3

P: n/a
Thanks for your reply Gary,

Yes, you're right. Setting machinekey is the way to make multiple ASP.NET
application to share forms authentication ticiket(cookie). And I can ensure
you that the dynamically generated cookie won't mixed up(unless you've
manually set fixed machinekey for all the applications), this is because
the default "autogenerated" key is based on machine setting(that's
statistical unique). Also, to make multiple applications share
authentication, they need to be under the same main domain address, so this
is also a limitation, and that's not a easy thing:)

Please feel free to post here if there is anything else you wonder.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
>From: "GaryDean" <Ga******@newsgroups.nospam>
References: <Op**************@TK2MSFTNGP04.phx.gbl>
<Cn*************@TK2MSFTNGHUB02.phx.gbl>
>Subject: Re: Membership Provider for Mult apps
Date: Fri, 12 Oct 2007 11:03:02 -0700
>
Yes, that sounds right. And, if we want to share authentication between
any
>apps we would use the identical Machine Key entries in each web config.
This makes me wonder if somehow the "multi-authentication" capability
provided by indentical Machikne Keys could somehow be accomplished
dynamically at run time. i.e. we will authenticate this user for apps one
and three but the other user only gets authenticated for app one. ??

--
Regards,
Gary Blakely
Dean Blakely & Associates
www.deanblakely.com
"Steven Cheng[MSFT]" <st*****@online.microsoft.comwrote in message
news:Cn*************@TK2MSFTNGHUB02.phx.gbl...
>Hi Gary,

From your description, you're now using a shared central sql database for
multiple ASP.NET web applications(as the membershp .. service's storage).
And you're wondering whether it will cause the authentifcation in all
those
application get messed, correct?

As for the ASP.NET application's membership authentication, though you
can
>share the membership user/account info among multiple applications(by
using
the same provider and same backend database), the actual authentication
is
>relying on the authentication cookie generated by each application. Thus,
by default each application will generate their own authentication cookie
and user authenticated in one application won't be able to get
recognized(as authenticated) in another application.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

================================================= =

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
>ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent
issues
>where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each
follow
>up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.

================================================= =
This posting is provided "AS IS" with no warranties, and confers no
rights.


--------------------
>>>From: "GaryDean" <Ga******@newsgroups.nospam>
Subject: Membership Provider for Mult apps
Date: Thu, 11 Oct 2007 14:49:39 -0700
>>>I have serveral applications now running that are using the
MembershipProvider classes and they are each using their own security
tables
>>>in SQL Server 2005 instead of the express databases - they are all work
well.

Now we have a need to have many different asp.net websites and web
services
>>>use a single security database because they all share the same user and
administrator community. It doesn't seem there will be a problem with
all
>>>of them accessing the same security tables. I am wondering, however, if
I
>>>will run into any issues with Authentication. We want to authentication
to
>>>work separately for the different websites - getting authenticated on one
website should not cause authentication on others. I don't know what
gets
>>>stored in the database regarding authentication.

Could there be issues with authentication in this environment? Is anyone
controlling many websites with a single MembershipProvider DB?

--
Regards,
Gary Blakely
Dean Blakely & Associates
www.deanblakely.com


Oct 15 '07 #4

This discussion thread is closed

Replies have been disabled for this discussion.