Handling authentication with multiple membership providers - asp.net-membership

I have a web app using custom membership providers to access admin and inventory pages, each in a separate folder for different users from different database tables (hence the custom membership providers).
There are other pages in the root and other folders which are for guest visitors.
I have a login form for the admin and the inventory sections in the root which calls the appropriate membership provider for authentication and redirects to the corresponding page upon successful login.
Since I can have only one authentication form entry in the web.config, how can I set up the app to send users to the correct login form?
(like an httpApplication.Authorize event)
My first thought was to have an HttpModule that checks the path and if the inventory or admin folders are in the path and the user is not authenticated then redirect the user to the login page.
Is that the best approach? Is there another way?
Thank you

You could have a web.config file in each of your protected folders, and each referencing its own login page and membership providers. This would be much simpler than trying to decide which provider to use on a single form.

Related

How to implement customer subdomain in Spring framework

In many of the SaaS web applications (ex, Atlassian JIRA), a user can have dedicated subdomain. For example, if my user name is helloworld, then after I log in to the web application, I am redirected to helloworld.atlassian.net
How to implement this in Spring Framework?
Do I have to have one application server instance running for each customer?
But this doesn't seem to be the cheapest solution. Does Spring have such a feature that I can create a dynamic subdomain based on the username, and in the backend only one instance of the application server is running?
Create a custom filter which parses the whole URL and extracts the subdomain, then check if the user is on the proper domain with the proper rights. Also worth mentioning: Nginx should redirect "*.yourdomain.com" so all subdomains don't have to exist in Nginx; they could exist in the database and each user has his unique subdomain, or can have multiple subdomains attached. Your custom filter does the checking on each request.
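The per-request check the answer describes, as an added example that is not part of the original answer or of Spring itself. It is written in Python rather than as a Java servlet filter so the logic can be run and tested stand-alone; the base domain, the tenant table and the usernames are constructed sample data. The Host header is treated as untrusted input: it is only ever used as a lookup key, and anything that is not exactly one well-formed label in front of the base domain is rejected.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample data standing in for the tenant table in the database:
# subdomain label -> set of usernames that belong to that tenant.
BASE_DOMAIN = "yourdomain.com"
TENANTS = {
    "helloworld": {"helloworld"},
    "acme": {"alice", "bob"},
}

# One DNS label: letters, digits, hyphens, no leading/trailing hyphen, <= 63 chars.
_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def extract_subdomain(host_header: Optional[str], base_domain: str = BASE_DOMAIN) -> Optional[str]:
    """Return the single tenant label in front of base_domain, or None.

    Handles a missing header, a ":port" suffix, mixed case and a trailing
    dot; the bare base domain, a nested label ("a.b.yourdomain.com"), a
    look-alike suffix ("yourdomain.com.evil.net") and malformed labels all
    yield None so the caller treats the request as having no tenant.
    """
    if not host_header:
        return None
    host = host_header.strip().lower().rstrip(".")
    host = host.split(":", 1)[0]          # drop ":8080"-style port
    suffix = "." + base_domain
    if host == base_domain or not host.endswith(suffix):
        return None
    label = host[: -len(suffix)]
    if "." in label or not _LABEL.match(label):
        return None
    return label


@dataclass
class Decision:
    allowed: bool
    reason: str


def check_request(host_header: Optional[str], authenticated_user: Optional[str]) -> Decision:
    """What the filter decides for one request: is this user on a tenant
    subdomain that exists and that they are a member of?"""
    sub = extract_subdomain(host_header)
    if sub is None:
        return Decision(False, "no tenant subdomain")
    members = TENANTS.get(sub)
    if members is None:
        return Decision(False, "unknown tenant")
    if authenticated_user is None:
        return Decision(False, "not authenticated")
    if authenticated_user not in members:
        return Decision(False, "user not a member of tenant")
    return Decision(True, "ok")


if __name__ == "__main__":
    for host, user in [("helloworld.yourdomain.com", "helloworld"),
                       ("acme.yourdomain.com:8443", "helloworld"),
                       ("evil.acme.yourdomain.com", "alice")]:
        print(host, user, check_request(host, user))
```

A filter built this way never trusts the subdomain to tell it who the user is: identity still comes from the session, and the subdomain is checked against that identity on every request, which is what stops a logged-in user from simply typing another tenant's hostname.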

Can I bypass/skip the ADFS login screen and use my own custom login screen to access MSCRM?

I am using MSCRM authenticated through ADFS. I have two active directories A and B. I set up a one-way forest trust between A and B so that users in B can access my resources in A. I currently use ADFS for login. My problem is it is not friendly for a user to key in A\username or B\username to log in to my webpage. Therefore I wish to build a custom login screen and maybe provide a radio button for the user to choose whether they belong to domain A or domain B. Because I use MSCRM, am I sort of forced to use ADFS?
MSDN provides a series of entries about ADFS 2.0 Sign-In Pages Customization.
From the linked overview page:
The Sign-In Pages expose extensibility points that allow a developer to perform the following customizations:
Change the accepted and default authentication types.
Customize the theme of the Sign-In Pages and add a company logo image.
Customize the behavior and layout of Sign-In Pages that are seen by the end user, such as the Forms Authentication and Home Realm Discovery pages.
These customizations can be done by modifying the Web.config file of the Sign-In Pages Web application or by modifying specific pages.
On a side note, as far as I've seen on our customers with IFD environments, you don't need to specify the domain when you sign-in, plain username and password seem to work (I'm not very expert in ADFS, but I understand that it "knows" which domain to authenticate against).

Different types of user sessions in CakePHP

I'm developing an app with CakePHP and in my app I have an admin section that is under Cake's Auth and its associated components, and I also have my frontend that should have another Auth session for regular users. How can I manage this? Or would I have to make my own registering and login methods for my regular users?
It might be worth using CakePHP's ACL component - you can specify permissions quite easily on which user/group can access which controller/action.
http://book.cakephp.org/view/1543/Simple-Acl-controlled-Application

MVC 3 ASP.NET Roles-Authorize Attribute

I am getting user roles from Active Directory and I am binding the same roles to ASP.NET Membership Roles.
I want to control the display for the various Views in Controller by using
[Authorize(Roles = "Admin")]
But whichever role I specify, the View just doesn't display. If I take out the [Authorize(Roles = "Admin")] it works.
Does Authorize use ASP.NET Membership roles? If so, why am I getting this error?
Am I missing anything? Any Ideas?
Thank you
IIRC if you use AD roles it works with groups and you need to specify the domain (note the verbatim string literal, so the backslash is not read as an escape):
[Authorize(Roles = @"MYDOMAIN\SomeDomainGroup")]
Now if the user accessing the site belongs to the given AD group he will be granted access.
Assuming you are using the VS built-in server and you are getting a blank page: the built-in development server will display a blank page instead of prompting for credentials.
Buried way down in a note on this page
Note:
If you are using the Visual Studio Development server, you are not prompted for credentials and you see only a blank page.

Cross web domain login with .net membership

I currently have three websites all running from the same DB
example websites:
www.mysite.com
admin.mysite.com
members.mysite.com
now because this all runs from a single DB they all use the same .net Membership tables.
All members are in a role: Member
All Admins are in a role: Admin
So the admins can log into the admin site and access all their admin functions etc., but the members, if they try to log into the admin area, are bounced back to the login screen without any message. What I want to happen is to redirect them to the site members.mysite.com and have them logged in.
I could send them to a page in the admin site that does a response.redirect('http://members.mysite.com'); but then they have to log in again.
So is there any good way to do this, or am I left doing something insecure and hacky with the querystring?
Querystring is fine as long as you use a unique 'one time token' that gets deleted after it's used to perform the login (this is how Google does it).
EDIT - Basic procedure is
Generate a cryptographically secure token
Store token/username combo in database
Redirect to new site with ?token=XXXXXXXXXXXXXXXX
New site sees token, looks up matching username in database and deletes token
Perform login procedure as that user
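The five steps above, carried through as an added example that is not part of the original answer and not ASP.NET Membership code: a Python module in which `issue_token` plays the admin site and `redeem_token` plays the members site, with an in-memory dict standing in for the shared database table. Two choices go slightly beyond the answer's wording and are assumptions of this example: the table stores a SHA-256 digest of the token rather than the token itself, so a read of the table does not hand out usable tokens, and every token carries a short expiry so an unredeemed one does not stay valid indefinitely. The record is deleted before any other check, which is what makes the token single-use even under a race.

```python
import hashlib
import secrets
import time
from typing import Dict, Optional, Tuple
from urllib.parse import urlencode

# Assumed lifetime of an unredeemed token; a redirect completes in seconds.
TOKEN_TTL_SECONDS = 60

# Constructed in-memory stand-in for the shared database table:
# sha256(token) -> (username, expiry as a UNIX timestamp).
_pending: Dict[str, Tuple[str, float]] = {}


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def issue_token(username: str, now: Optional[float] = None) -> str:
    """Step 1 and 2 (site A): generate a cryptographically secure token and
    store its digest together with the username and an expiry time."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)        # 256 bits from the OS CSPRNG
    _pending[_digest(token)] = (username, now + TOKEN_TTL_SECONDS)
    return token


def build_redirect(base_url: str, token: str) -> str:
    """Step 3 (site A): the URL the user is redirected to, ?token=... appended."""
    return f"{base_url}?{urlencode({'token': token})}"


def redeem_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Step 4 (site B): return the username for a valid token, or None.

    The record is popped before the expiry check, so a token is consumed on
    its first presentation whatever the outcome, and never works twice.
    """
    now = time.time() if now is None else now
    if not token:
        return None
    record = _pending.pop(_digest(token), None)
    if record is None:
        return None                          # unknown, or already used
    username, expires_at = record
    if now > expires_at:
        return None                          # issued too long ago
    return username


if __name__ == "__main__":
    # Step 5 would be the members site's normal forms-authentication login
    # for the returned username; here we just show the round trip.
    tok = issue_token("member42")
    print(build_redirect("http://members.mysite.com/sso", tok))
    print("first redeem :", redeem_token(tok))
    print("second redeem:", redeem_token(tok))
```

Deleting the record on the first presentation is the property that makes the querystring acceptable: a token captured from a browser history, proxy log or Referer header after the redirect completes is already worthless, and the short TTL limits the window before that.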
