Connel

Reputation: 1881

ASP.Net Identity - Central User Database for Different Apps?

I want to create a central login database that multiple applications from potentially different clients will use. Using ASP Identity I have set up a database of users and roles.

Different applications have different roles, however, so I need a way to split them up further. E.g. a user may be an admin in one app and not another.

Is there a way to do this using ASP identity? Ideally I would like to control what apps certain users can access and have separate roles linked to these apps.

If this is outside the scope of ASP Identity, what should I look to use in ASP.NET C# MVC web applications?

Upvotes: 2

Views: 1372

Answers (2)

kingPuppy

Reputation: 3047

If you want to create a "central login database" which is totally independent of your clients, perhaps you will simply want a couple of SQL database tables. (This will be initial work but will give you the most flexibility moving forward.)

TABLE1

SYSTEM_ID    |     USER_ID     |   PWD        |   ROLE
-------------+-----------------+--------------+----------
somesys      |     4544345     | ENCRYPTEDPWD |   ROLENAME1
someothersys |     4544345     | ENCRYPTEDPWD |   ROLENAME2

TABLE2

SYSTEM_ID    |     ROLE        |   PERMIT_TYPE
-------------+-----------------+----------------
somesys      |     ROLENAME1   |     READ

You will join two QUERIES (split out here for ease of read):

  1. Authenticate user (select 'ROLEs' from Table1 where USER_ID='4544345' AND PWD='ENCRYPTEDPWD').

    JOIN

  2. Get Permissions (select SYSTEM_ID, PERMIT_TYPE from Table2 where ROLE='ROLEs' (from 1st query))

Upvotes: 0
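
The two tables and the joined lookup described in the answer above, written out as runnable T-SQL; this is an added example, not part of the answer. It assumes SQL Server, keeps the answer's table and column names, and additionally scopes the join and the filter by `SYSTEM_ID`; the column types, keys and two of the TABLE2 rows are constructed for illustration.

```sql
-- Added example (T-SQL, SQL Server assumed). Names follow the answer's tables.
CREATE TABLE TABLE1 (
    SYSTEM_ID varchar(50)  NOT NULL,
    USER_ID   varchar(50)  NOT NULL,
    PWD       varchar(200) NOT NULL,  -- stored credential value, as in the answer
    ROLE      varchar(50)  NOT NULL,
    PRIMARY KEY (SYSTEM_ID, USER_ID, ROLE)
);

CREATE TABLE TABLE2 (
    SYSTEM_ID   varchar(50) NOT NULL,
    ROLE        varchar(50) NOT NULL,
    PERMIT_TYPE varchar(20) NOT NULL,
    PRIMARY KEY (SYSTEM_ID, ROLE, PERMIT_TYPE)
);

-- Rows from the answer's TABLE1.
INSERT INTO TABLE1 (SYSTEM_ID, USER_ID, PWD, ROLE) VALUES
    ('somesys',      '4544345', 'ENCRYPTEDPWD', 'ROLENAME1'),
    ('someothersys', '4544345', 'ENCRYPTEDPWD', 'ROLENAME2');

-- First row is from the answer; the other two are constructed so that
-- someothersys reuses the role name ROLENAME1 with a different permission.
INSERT INTO TABLE2 (SYSTEM_ID, ROLE, PERMIT_TYPE) VALUES
    ('somesys',      'ROLENAME1', 'READ'),
    ('someothersys', 'ROLENAME1', 'WRITE'),
    ('someothersys', 'ROLENAME2', 'READ');

-- Values the calling application supplies; bind them as parameters,
-- never concatenate them into the SQL text.
DECLARE @SystemId varchar(50)  = 'someothersys';
DECLARE @UserId   varchar(50)  = '4544345';
DECLARE @Pwd      varchar(200) = 'ENCRYPTEDPWD';

-- Steps 1 and 2 as one statement. Joining on SYSTEM_ID as well as ROLE keeps
-- each role's permissions inside its own system; the WHERE clause limits the
-- result to the system the user is signing in to.
SELECT t1.SYSTEM_ID, t1.ROLE, t2.PERMIT_TYPE
FROM TABLE1 AS t1
JOIN TABLE2 AS t2
  ON t2.SYSTEM_ID = t1.SYSTEM_ID
 AND t2.ROLE      = t1.ROLE
WHERE t1.SYSTEM_ID = @SystemId
  AND t1.USER_ID   = @UserId
  AND t1.PWD       = @Pwd;
```

With a join on `ROLE` alone and no `SYSTEM_ID` filter, the constructed `someothersys`/`ROLENAME1` row would match the role this user holds in `somesys` and surface a `WRITE` permission the user was never given.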

Zach

Reputation: 3207

A user can belong to multiple roles, so why not have your membership provider load in all their roles and iterate through them to check to see if they're in that specific role? You could create roles (permissions) for each application (e.g. AppOneAdmin, AppTwoAdmin) and assign the ones you want to each user. If it doesn't handle it by default, I would make sure I implemented a custom membership provider and write the logic to check the roles myself.

Upvotes: 2
