ASP.NET MVC Authorize by Subdomain

<p>I have what seems like a common issue with SaaS applications, but have not seen this question on here anywhere.</p>
<p>I am using ASP.NET MVC with Forms Authentication. I have implemented a custom membership provider to handle logic, but have one issue (perhaps the issue is in my mental picture of the system).</p>
<p>As with many SaaS apps, customers create accounts and use the app in a way that looks like they are the only ones present (they only see their items, users, etc.). In reality, there are generic controllers and views presenting data depending on the customer represented in the URL. When calling something like the MembershipProvider.ValidateUser, I have access to the user's customer affiliation in the User object - what I don't have is the context of the request to compare whether it is a data request for the same customer as the user.</p>
<p>As an example,</p>
<p>One company called ABC goes to abc.mysite.com</p>
<p>Another company called XYZ goes to xyz.mysite.com</p>
<p>When an ABC user calls</p>
<pre><code>http://abc.mysite.com/product/edit/12 </code></pre>
<p>I have an [Authorize] attribute on the Edit method in the ProductController to make sure he is signed in and has sufficient permission to do so.</p>
<p>If that same ABC user tried to access</p>
<pre><code>http://xyz.mysite.com/product/edit/12 </code></pre>
<p>I would not want to validate him in the context of that call. In the ValidateUser of the MembershipProvider, I have the information about the user, but not about the request. I can tell that the user is from ABC, but I cannot tell that the request is for XYZ at that point in the code.</p>
<p>How should I resolve this?</p>
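An added example, not part of the original post: the tenant comparison described in the question, placed in an authorization filter where the request host is available, rather than in ValidateUser. `ITenantLookup`, `TenantAuthorizeAttribute`, `TenantFromHost` and the static `Lookup` hook are hypothetical names, and the base domain `mysite.com` is taken from the question's URLs.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Hypothetical: returns the tenant key (e.g. "abc") stored for a signed-in user.
public interface ITenantLookup
{
    string GetTenantKeyForUser(string userName);
}

public class TenantAuthorizeAttribute : AuthorizeAttribute
{
    private const string Suffix = ".mysite.com";          // assumed base domain
    public static ITenantLookup Lookup { get; set; }       // hypothetical hook, set at app start

    // Returns "abc" for "abc.mysite.com"; null for the bare domain, a foreign
    // domain such as "abc.mysite.com.example.net", or a nested label such as "x.abc.mysite.com".
    public static string TenantFromHost(string host)
    {
        if (string.IsNullOrEmpty(host)) return null;
        host = host.TrimEnd('.').ToLowerInvariant();
        if (!host.EndsWith(Suffix, StringComparison.Ordinal)) return null;
        string label = host.Substring(0, host.Length - Suffix.Length);
        return (label.Length == 0 || label.Contains(".")) ? null : label;
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Keep the stock checks first: authenticated, plus any Users/Roles restriction.
        if (!base.AuthorizeCore(httpContext)) return false;
        if (Lookup == null || httpContext.Request.Url == null) return false; // fail closed

        string requestTenant = TenantFromHost(httpContext.Request.Url.Host);
        string userTenant = Lookup.GetTenantKeyForUser(httpContext.User.Identity.Name);
        return requestTenant != null && userTenant != null &&
               string.Equals(requestTenant, userTenant, StringComparison.OrdinalIgnoreCase);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // A signed-in user on another tenant's host gets 403 instead of a login redirect.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}
```

Applied as `[TenantAuthorize]` on the Edit action, this only gates the request by host. The query that loads product 12 still needs its own tenant filter so that an id belonging to another customer is never returned.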
 
