I am using ASPNETZERO multi-tenancy solution and I want to achieve following solution in that.
My need is like One user share all details among all Tenants.
Let's say there is user1 registered in Tenant1 with email id, password and all fields.
Now what I want is this User1 can logged in any tenant using the same login details, I mean to say user1 can login in tenant2, tenant3 etc.. But without registering again and also with same login details.
Also user can edit details in any tenant and that need to updated in all tenants.
Here is what I have planned :
I am planning to put multiple entries of same user with different
tenant id in default Usertables. I mean to say, when user1 registere
in tenant1 then I will copy all details of that user to all tenants.
So I will create same user entry with tenant2 id, tenant3 id and so
on..
I got it working by editing user-service file.
Thanks
In case of allowing a user to login to multiple tenants, the following approach can be used
The user details should be generic and not under a tenant
After adding user, you will assign the user roles for every tenant
When the user logs-in, the data will be validated and then the user will be given a page to choose tenant for which he can work
(OR), the user can provide the tenant name during login so that you can directly validate the user and allow to use the application
Tenant level access will be based on the tenant and roles, if I have access to Tenant1, it means that i have a role for Tenant1 and if I pass Tenant2 to access, the system does not find any roles associated with my user for the Tenant2, denying access (401).
Related
I want to design my Firebase database such that only registered user i.e - I have some predefined set of users who will be using application and only they will be able to sign-in. But the problem is I will get UID only after user is authenticated using OTP in phone authentication and I want to set UID as unique id for each user, So how will admin create the user without UID. I need UID for further operations.
I have one solutions but not sure if this is good idea.
I will create one collection as Registered Users with the phone no as unique ID. and users data like name, email etc. And then when user sign in using phone no. I'll first check in this collection if there phone no is present or not. If it present then I'll allow him to sign-in else not. And with that I'll create another collection as Users and move all the users data from Registered Users collection to Users collection with the UID as unique ID.
Let me know if this is correct approach or is there any better approach available for this kind of scenario. Thanks.
I have created a secondary User store using LDAP. By default, all users of the secondary store have no permission. Is it a way to assign the suscriber role to all users in one operation or I have to do it manually for each user ?
Thanks
Since by default WSO2 uses groupId('Organization) of the user to share the Application in the Devpotal as mentioned here in the documentation: sharing applications
You can go to the Carbon UI and search for the LDAP users among which you want to share an Application. Next to the User click on the 'User Profile' tab. There you can edit the value next to the 'Organization' column. For this, your secondary user store should be 'ReadWriteLDAPUserStore'. Similarly, edit the value for each user in the secondary user store to the same value to share the Application among them.
In fact, in the ldap user store if you configure LDAP groups there are automatically created as a role and you can apply permissions to a role which will be apply to all users of your LDAP group.
But I didn't find a way to share applications between users of a LDAP group ...
Here is a better way to achieve it. In the official documentation it is mentioned that it allows the Applications to be shared if we have common roles, in as you said WSO2 treats AD groups as roles. Lets assume you have two users user1 and user2 in your LDAP store both of which are the part of AD group 'AD_Group'.
So mention the AD group name common to the users among which application needs to be shared : -
Also change the configuration as following in the deployment.toml file : -
[apim.devportal]
enable_application_sharing = true
#application_sharing_type = "default"
application_sharing_claim=http://wso2.org/claims/role
I work with alfresco 5.0.d
I want some users (who have a particular role) can create other user.
I don't want to add these users to the Administrators group.
I realize that the user can enter to create page (http://localhost:9090/share/page/console/admin-console/users) only if he is admin.
So how can I authorize a user with a particular role to enter the user management page? and create , delete or modify user ?
thank you
There are multiple ways of doing this,One way is too manipulation of permissions.But that will become more difficult.Instead of that do below things.
1.Create a webscript and pass required parameter for creating user.From that webscript create a user.
2.Create one dashlet or page in alfresco share and call the webscript, pass userName as parameter(along with the data of new user) and validate that user inside webscript(for identifying that user have access to create user or not).
Above approach is less secure.But if you don't have issue of confidentiality than you can go with that.If confidentiality is an issue.Than you need to find something which validates your user.Like creating another webscript which validates user.
I am trying to learn ASP.net MVC -
I have successfully implemented the basic authentication and authorisation.
My application is multi tenant (One DB one Schema) and multi Users.
Each user can be added to any tenant by admin.
A user will be given a list of tenants he can use upon logging in.
Then the user clicks on one tenant and enter in to the tenant's application data and can update, create etc. (invoices for example).
I am using cookie authentication, should I be adding each tenant the user is authorized to use as a claim or check on server side for authorisation when user switch between tenants.
Using cookie claim will save DB queries if I have tenant list for user as claim. But Cookie has 4k limit what if a user can access thousands of tenants such as admin.
You can save user-tanent relation in a table , and put row id in cookie , so you can check that row when user logged in.
I am using ASP.NET Forms Authentication (Roles, Users, Membership, etc).
In short, I'm looking for something that will give me a unique UserId for users -before- they are logged in or before they create an account.
I would like the user to be able to personalize the site to a certain extent -before- they go about the work if creating an account. I realize that work would be lost if they clear their cookies.
I store personalized settings in a table with their ASP.NET Auth UserId. I'm hoping that users get assigned a cookie-based UserId even before they log in and create an account, rather than every "guest" having the same "guest id".
If and when they do create an account or log in I'd have to migrate their saved settings to their "permanent" UserId, but that's ok with me.
I could re-invent something, creating a Guid and storing it in a cookie, but I'd like to avoid reinventing the wheel if there's already a mechanism in ASP.NET.
Thanks!
Dave
See Personalization and User Profiles in ASP.NET 2.0 - Handling Anonymous Users.
Note that each anonymous user gets a unique anonymous ID the first time they visit a site. This ID is stored persistently in a cookie. Thus, if a second user opens up a browser on the same computer as the first, the second user will be seen by the site as having the same anonymous ID that was issued to the first user.
The short answer is No. There is no user id assigned to anonymous users that you can store in the Profile table. You will have to create an "AnonymousSettings" table that you store customization information on a per user basis. You would generate your own cookie with a unique ID (a GUID would be a good choice) and the use that to lookup the anonymous user.
Once the user registers, you can transfer their settings from the anonymous table to the profile settings.
Asp.net Automatically generate SessionID per user.
You can use SessionID of active user.
Session.SessionID returns unique key for user. SessionID stored in Cookies.
Asp.Net doesn't remove Session Cookie. After User logged in. So
You can match SessionID and UserId.