locked
LightSwitch SecurityData.svc UserRegistration key field RRS feed

  • Question

  • Hi all,

    Can anyone shed light on how (but particularly why) 'UserName' in 'UserRegistrations' is surfaced as the Primary Key, when it clearly is NOT unique in the underlying aspnet_Users table. This is a major pain if you want to have several applications using the same authentication database as there is nothing that SHOULD block two users from having the same UserName as long as they belong to different applications.

    Following on from this is why the UserID is not surfaced as the (actual) key instead?

    Imagine a multi-tenant scenario (single, shared database, unknown to your clients) where you have a new client whose preferred user name is rejected even though this is a different application sharing user authentication. This would quite possibly set nasty alarm bells ringing!

    A rationale for this would be enlightening, more so a workaround!

    Ian


    Ian Mac

    Tuesday, June 17, 2014 8:41 AM

Answers

  • Hi Ian,

    Indeed, but internally the userregistration makes use of the membership provider, which uses internally stored procedures to get e.g. the users for a specific app and the app name is always taken into consideration.

    In fact you can test this in less than 5 minutes.

    Create an app which write into one of the fields of a table via a server side insert method the user registrations for a user with the name XYZ.

    So something like this:

    partial void Customers_Inserting(Customer entity)
            {
                
                using (this.Application.User.AddPermissions(Permissions.SecurityAdministration))
                {
                    var userRegs = this.DataWorkspace.SecurityData.UserRegistrations.Where(c => c.UserName == "XYZ");
                    string result = "users : ";
                    foreach (UserRegistration user in userRegs)
                    {
                        result += user.UserName;
                    }
                    entity.FirstName = result;
                }
            }

    Start visual studio as admin and deploy this app to your localhost and specify that XYZ should be created as initial admin.

    run now the app and verify that in the firstName field only your user xyz is print.

    Grap this script from my site:

    http://blog.pragmaswitch.com/?p=688

    and create some additional users with name XYZ but for other app names.

    Re run the app and you will see you still have ONE user reg for user XYZ.

    The proof of the pudding is in the eating :)


    paul van bladel

    • Proposed as answer by Paul Van Bladel Tuesday, June 17, 2014 1:03 PM
    • Marked as answer by Ian Mac Tuesday, June 17, 2014 1:28 PM
    Tuesday, June 17, 2014 1:01 PM

All replies

  • I'm using day by day a shared security db (by over 30 apps) having the same users (same userName) in several apps. 

    That works perfectly. 

    The reason why UserRegistrations seems to have a primary key on UserName is that UserRegistrations is filled based on the Membership infrastructure which takes in account the application Name (in web.config). 


    paul van bladel

    Tuesday, June 17, 2014 9:06 AM
  • Hi Paul,

    So from what you are saying, if I write a query which basically says (paraphrasing!) 'select the user from UserRegistrations where UserName = 'xxxxxxx' (without explicit reference to ApplicationID), then I will only return one user with that name even if there are more with that name in aspnet_Users, simply because 'ApplicationId' comes into it automatically via a causal link to 'ApplicationName' from the web.config?

    Or something like that? (!)


    Ian Mac

    Tuesday, June 17, 2014 11:30 AM
  • Hi Ian,

    Indeed, but internally the userregistration makes use of the membership provider, which uses internally stored procedures to get e.g. the users for a specific app and the app name is always taken into consideration.

    In fact you can test this in less than 5 minutes.

    Create an app which write into one of the fields of a table via a server side insert method the user registrations for a user with the name XYZ.

    So something like this:

    partial void Customers_Inserting(Customer entity)
            {
                
                using (this.Application.User.AddPermissions(Permissions.SecurityAdministration))
                {
                    var userRegs = this.DataWorkspace.SecurityData.UserRegistrations.Where(c => c.UserName == "XYZ");
                    string result = "users : ";
                    foreach (UserRegistration user in userRegs)
                    {
                        result += user.UserName;
                    }
                    entity.FirstName = result;
                }
            }

    Start visual studio as admin and deploy this app to your localhost and specify that XYZ should be created as initial admin.

    run now the app and verify that in the firstName field only your user xyz is print.

    Grap this script from my site:

    http://blog.pragmaswitch.com/?p=688

    and create some additional users with name XYZ but for other app names.

    Re run the app and you will see you still have ONE user reg for user XYZ.

    The proof of the pudding is in the eating :)


    paul van bladel

    • Proposed as answer by Paul Van Bladel Tuesday, June 17, 2014 1:03 PM
    • Marked as answer by Ian Mac Tuesday, June 17, 2014 1:28 PM
    Tuesday, June 17, 2014 1:01 PM
  • Paul, many thanks for your efforts on this. Having had itchy fingers and indeed agreeing that the proof of the pudding is in the eating, I tried something similar and confirmed that you are correct, of course! Makes sense now!

    Ian Mac

    Tuesday, June 17, 2014 1:28 PM
  • My pleasure Ian.



    paul van bladel

    Tuesday, June 17, 2014 2:35 PM