1

I need to implement login for users that require not only Username and Password , but also CompanyId. The username is unique only for a company so there could be many occurrences of a username with a different companyId as a record. I tried to extend my current simple membership provider, but i guess that is not working for me(How to make WebSecurity.Login to login using username or email?). My UserProfile table looks like this

[Table("UserProfile")]
public partial class UserProfile
{
    [Key]
    [DatabaseGeneratedAttribute(DatabaseGeneratedOption.Identity)]
    public int UserId { get; set; }
    public string UserName { get; set; }
    public int  CompanyId { get; set; }

Can i validate user by userId and password. I need to make something like this:

public class ExtendedSimpleMembershipProvider : SimpleMembershipProvider
{
    public override bool ValidateUser(string username, string password, int companyId)
    {
            int userId = GetUserId(username, companyId);
            return SomehowValidateUser(userId, password);
    }

    private int GetUserId(string username, int companyId)
    {

        var userId = (from users
                      in context.UserProfile
                      where (users.UserName.ToLower() == username) || (users.CompanyId == companyId)
                      select users.UserId).First();
        return userId;
    }
}

How would that work ?

Community
  • 1
  • 1
dlght
  • 1,406
  • 1
  • 18
  • 35
  • Can you add password to the key? Sidenote - what keeps the same user from creating the same account at both companies? – Stinky Towel Nov 19 '13 at 14:38
  • The users are created only by company admin, so they there could be users with the same name in different companies. I'm using simple membership so my password is not in the table of the UserProfile. – dlght Nov 19 '13 at 16:52

2 Answers2

1

If you're asking how to validate the userID and password once you've validated the username and companyId, try exposing the WebSecurity class directly. 

public override bool ValidateUser(string username, string password, int companyId)
{
    // DEV NOTE: change your GetUserId() return to int?
    int? userId = GetUserId(username, companyId);
    if (userID.HasValue())
        return WebSecurity.Login(username, password);
    else
        return false;
}
Stinky Towel
  • 768
  • 6
  • 26
  • 1
    It turns out i cannot override method that does not exist ValidateUser(string, string, int). So i should extend somehow the membership to have ValidateUser method too. – dlght Nov 20 '13 at 10:36
0

It worked out this way :

    public static bool ValidateUser(string username, string password, string companyName)
    {
        int companyId = MyRepository.GetCompanyIdByName(companyName);

        int? userId = companyId == 0 ? null : MyRepository.GetUserId(username, companyId);

        if (userId.HasValue && userId.Value != 0)
        {
            var userKey = username + "@" + companyName.ToLower();
            return WebSecurity.Login(userKey, password);
        }
        else
        {
            return false;
        }
    }
dlght
  • 1,406
  • 1
  • 18
  • 35