Multi-user authentication with ASP.NET MVC and .NET 4.5


I am developing a system where there is a need for two types of users, the client, which will access only the frontend, and the administrator, associated with the backoffice. I need these users to be authenticated in different "cookies" as they are part of different areas.

I’ve been reading about FormsAuthentication.SetAuthCookie, but it seems that there is no possibility to assign a different identification to the authentication cookie of this function.

Could you give me an idea of where to start?

Note: I am looking for a method by which I can keep the sessions separate, without the need to use Roles to maintain access to the frontend and backoffice dashboard associated with each user type. I have two authentication forms (one for the client and one for the administrator), and separating by Roles would be a "hindrance". Moreover, it will probably be common for an administrator to also own a user account and vice versa, and to want to authenticate in both at the same time. So keeping the authentications separate will provide more flexibility in these cases.

  • I did not understand very well what this "obstacle" of using Roles would be. If an administrator can use the client functions, just grant the access. You don’t need to authenticate the same user twice for this.

  • I cannot, because the client’s access depends on other data that is only filled through the register, whereas for the administrator it is totally different. And I also work with two different tables, one for clients and one for administrators.

  • Another reason is that I already work with Roles for the backoffice (Super Administrators, Managers and Editor), so controlling another Role to prevent the client from accessing the panel would complicate the structure.

1 answer


You can use different cookie names for different logins. That way, one cookie will not overwrite the other.

You can set the value of the cookie in the Web.config file by changing the value of the "name" attribute:

<authentication mode="Forms">
 <forms name=".NomeDoCookie" domain="seudominio.com" ... />
</authentication>

But to have two different names, you would need to authenticate manually, using different values for the attribute cookiePath:

FormsAuthentication.GetAuthCookie(username, false, "cookiePath");
FormsAuthentication.SetAuthCookie(username, false, "cookiePath");

In this way, each type of user would be authenticated independently.

I hope I’ve helped.
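
One way to keep the two sessions in separate cookies, shown as an added example that is not part of the original answer: the ticket is built and encrypted by hand so each area gets its own cookie name and path. The class name `AreaAuthCookie` and sample values such as `".AdminAuth"` and `"/Admin"` are assumptions.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Added example. AreaAuthCookie and its parameter values are hypothetical names.
public static class AreaAuthCookie
{
    // Issue a forms-auth ticket in a cookie whose name and path belong to one area,
    // e.g. SignIn(Response, "alice", ".AdminAuth", "/Admin").
    public static void SignIn(HttpResponseBase response, string userName,
                              string cookieName, string areaPath)
    {
        var ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30),
            false,        // not persistent: the cookie ends with the browser session
            areaPath,     // userData: binds the ticket to the area it was issued for
            areaPath);    // cookiePath recorded inside the ticket

        var cookie = new HttpCookie(cookieName, FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // not readable from script
            Secure = FormsAuthentication.RequireSSL,  // follows <forms requireSSL="...">
            Path = areaPath                           // sent only for URLs under this path
        };
        response.Cookies.Add(cookie);
    }

    // Returns the principal for this area, or null when the cookie is missing,
    // malformed, expired, or was issued for a different area.
    public static IPrincipal Read(HttpRequestBase request, string cookieName, string areaPath)
    {
        HttpCookie cookie = request.Cookies[cookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;

        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (ArgumentException) { return null; }   // not a valid ticket
        if (ticket == null || ticket.Expired) return null;

        // Both areas encrypt with the same machineKey, so a client ticket would
        // decrypt here too. Accept it only if it was issued for this area.
        if (!string.Equals(ticket.UserData, areaPath, StringComparison.Ordinal)) return null;

        return new GenericPrincipal(new FormsIdentity(ticket), new string[0]);
    }
}
```

`Read` would typically be called from `Application_AuthenticateRequest` or an area-specific authorization filter, assigning the result to `HttpContext.User` when it is not null. Backoffice roles (Super Administrators, Managers, Editor) can then be loaded from the administrators table instead of the empty role array used here.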
