2 Applications Same User Name Issue

Question

User1168913849 posted

I have 2 applications using SqlMembershipProvider.

Each applications has log in using different MembershipProvider, so you can't not log in to another application using another log in. (even same user name)

Log in control specifies MembershipProvider.

However,  I could go to other application once it's authenticated because of the same user name.

Getuser method only look for user name, so the following code doesn't work. (I thought this is the way to kick out other applications user)

Dim UserIdentity As MembershipUser = Membership.Providers("MembershipProvider1").GetUser(HttpContext.Current.User.Identity.Name, False)

If UserIdentity Is Nothing Then

    Response.Redirect("login.aspx")

End If

I tried to use ProviverUserKey for GetUser method but in order to get ProverUserKey, you need to use UserID.... Catch22 here.

Is there a option to authenticate to a specific application? (using "IsAuthenticated" possibly?)

How can I protect an application from another when username is the same since Getuser method is depending on username?

Answer 1

User753101303 posted

Hi,

See https://msdn.microsoft.com/library/1d3t3c61(v=vs.100).aspx and try to change the name attribute so that each app creates its own cookie.

Answer 2

User1168913849 posted

Thank you for your reply!

Does this goes to inside web.config? Do I need to create 2 web.config and specify names??

My problems is that one application lives under one, and it will be nested web.config...

Answer 3

User614698185 posted

Hi aibip,

I think you could add ApplicationId field in your AspnetUsers table. The application ID is stored in a the aspnet_Applications table in your membership database. When you first enable the ASP Memebership provider, the application name that you set in your web.config is entered into this table. From then on, the membership provider uses your application name to determine which users can login for user authentication in your application.

You could refer to the below to code to get ApplicationId:

SELECT ApplicationId FROM aspnet_Applications 
WHERE ApplicationName = (System.Web.Security.Membership.Provider.ApplicationName from the ASP.NET code)

Best Regards,

Candice Zhou

Answer 4

User1168913849 posted

Candice, Thank you for your reply!

For now, I just created a Session value when a user log in to an application using a log in control.

Since another application user can't log in using the log controller, they won't be able to go to the another application without the Session value.

I'm also reserving user name for both applications just in case.

I know that this is not the perfect solution but it does the job for now...