Changing the membership providers ApplicationName during runtime. How?

Question

I have a bit of a unique situation here. I'm making a web application that is going to have the ability to login with different web applications credentials. For example you can login/register with my site or you can login/register with your YouTube account. I'm not using OpenID because I need to have access to YouTube's data in this case.

I'm using ASP.NET MVC 3 EF4 with custom Membership, role, profile providers.

The problem is user names can't be unique because someone with a YouTube user name could have the same user name as someone that registered with my site. So I got around with by specifying a user type in my user table. This is pretty much a composite key (user id and user type).

I have a custom authorize attribute that is checking for the role that the user is in but now I need to implement a custom IPrincipal because I need to pass a user type. Only problem is where do I store that? the session?

Originally I thought this is what the Application table was for, and I had momentary success with that but read there is threading issues, and I was getting session faults all over the place it wasn't that great :(

I'm wondering what the best way to do with is because I can't use the overridden methods in the providers because I have to add a UserType parameter to some of the methods, but then this breaks the functionality of the provider.

EDIT: I basically need to have the ability to change the ApplicationName at runtime pro-grammatically. I tried doing this, the only problem was when I stopped my development server but left my browser open then ran my dev server again it wouldnt keep the application name.

EDIT: I've changed my application to use OAuth, I never found a good solution.

Answer 1

The best answer to this problem is answered on stackoverflow here: Membership provider with different ApplicationName in area

Here's the code they used:

Membership.Providers["MyOtherProvider"].ValidateUser(username, pwd);

Answer 2

I basically need to have the ability to change the ApplicationName at runtime pro-grammatically. I tried doing this, the only problem was when I stopped my development server but left my browser open then ran my dev server again it wouldnt keep the application name.

If you need to change the ApplicationName, this means you need to select a provider at runtime. The only way to do this is to NOT use the singleton "Membership" as it uses the provider defined in web.config.

Instead each time you need your provider use :

MembershipProvider userProvider = Membership.Providers[UserProviderName];

Just set UserProviderName the way you want. I would go with a custom global authorization or preAction filter which detect the provider from some cookie or other session variable and put the provider in the HttpContextBase.Items collection which lives for one and only one request.

Answer 3

Ryan,

Hmmm... can you work-around the problem by prepending the issuing-authority (local or YouTube) to the username field itself... Example usernames: "LOCAL/corlettk", "YOUTUBE/corlettk"???

Ok, you'll need a custom Authenticator in order to split the complex-string, and flick-pass the login-request to appropriate underlying Authenticator... but once that's done, (I guess) you're all set to deal EASILY with the much bigger problem (from your perspective) of Authorisation.

I percieve that you're a smart guy... have you considered-and-dismissed this approach allready?

Cheers. Keith.

PS: Yes, I'm a hacker... but I have bad habit of hacking stuff up that WORKS... so they've given-up trying to educate me.