I want to actually implement two applications.
Application (server 1)
A management application to manage users and buildings. CRUD Controller for users, roles and buildings. To use this application an login is required. Analyse answers / results from questionnaires which will be filled in appplication 2.
Application (server 2)
Login with the user names which will be created in application one
Document Exchange bundle. Users can share documents
Questionnaire bundle, users can create questionnaire
Other users filling of questionnaires
Not every user can use every bundle in application 2. Only users with specified roles can use a bundle, the user roles will be defined in application 1.
I need an idea how I could realize the data exchange in such a case? Because application 2 require the user, roles from database of the first application. In the ideal case, I do not want data redundancy.
The first application i implement in symfony2 and i'm not sure whether to share a good idea the applications or is it better idea to integrate the bundles from application 2 in application one?
Can someone give me tips?
The easier solution could be done with the use of one App. The Security Component of Symfony2 can manage different roles and access to specific action or bundle. Moreover you can use JMSSecurityExtraBundle Annotations to simpler your work.
Related
In a .net 5 MVC project that uses Identity for authentication, is there a built in option to manage the roles (crud) and user <> role relationships (add and removed roles to a user)?
I have found some tutorials that could work:
https://www.c-sharpcorner.com/article/adding-role-authorization-to-a-asp-net-mvc-core-application/
https://www.yogihosting.com/aspnet-core-identity-roles/
But before I go recreating the wheel, I just wanted to be sure there isn't some functionality contained within the framework that I am missing.
Edit: Just to clarify, my question is regarding giving user roles e.g. Admin, manager, staff.
I've always used identity and always had to create my own logic for creating and assigning roles to users. But keep thinking there must be a standard way to do this.
A few options. One is just the admin UI and the other is a web framework with admin UI
https://github.com/mguinness/IdentityManagerUI
https://docs.aspnetzero.com/en/aspnet-core-angular/latest/Features-Angular-Role-Management
for different roles in multiple groups
https://github.com/rogwool/two
Might have been better with a GroupId key in AspNetUserRoles
Problem
I have two seperate apps, a "Manager" app and an "Employee" app which share a database, and I am using Firebase for auth. Currently I have two different projects in Firebase, one for each user type. I am now trying to develop a third "Admin" app that allows someone appointed by the organization to manage users on both the "Employee" and "Manager" apps. I have looked into using custom claims but in order for this to work across both apps would have to be on the same Firebase project.
Potential Solutions
Migrate all users to the same Firebase project
In this case, I migrate all of the users to one Firebase project and would assign a type to each user. Upon login, I would check if they are of the right type for that application and log them out if they are not - it's a bit hacky but workable
Switch auth providers
Obviously the most tedious and costly option that I would like to avoid if possible
Can anyone help me figure out the best approach here?
Since all three apps seems to work within the same domain, it'd be most common to set them up in a single project and use custom claims, security rules, or a combination of both to control access of the various user types.
I'm currently building a huge Symfony2 project, which consists on a central application (let's call it "Main", and different standalone projects, mostly on Symfony2 too (let's call these "Satellites").
The Main project will have its own database, and each Satellite too. However, the Main project will manage some critical data (users, roles, etc...), and this data needs to be available on each Satellite. This means some kind of "replication" from certain entities to a list of databases (managed by other Symfony2 apps, or not)
The part that is actually working is the mapping. I have a Bundle which provides the User and Role model classes. Other bundles just have to extend those classes (FOSUserBundle style), and the mapping will be performed correctly.
I am actually struggling with the "replication" from the Main project to each Satellite's database. Basically the perfect workflow would be:
A User or Role is added / removed / updated on Main
A service loops through a list of database connections
re-executing the query / queries involved in step 1. on each other database connection. This implies not only using other entity managers, but mostly generating plain SQL queries to execute on servers where Satellites are not Symfony2 apps
I can hook on the "onFlush" event of Doctrine, and retrieve a list of entities that are going to be updated / persisted / removed. The part where i'm completely lost is the 3.
Is it even possible ? Any help would be greatly appreciated.
I had same situation in one of my project, we have Main and Satellite application,
all required datas hold in main and all applications talking each other via APIs, also in satellite application we have custom user provider which is authenticate users from main server. You could follow this way. http://symfony.com/doc/current/cookbook/security/custom_provider.html
I am creating a sort of intranet system in ASP.NET that requires me to hide/show/disable/enable certain things depending on the logged on user's role. So far I have been using ASP.NET Membership (what I learned in school) however I am running into problems with having to customize things. We need usernames and passwords but we also need to add custom fields like first name, last name, clearance level (which will be used to set the user's role when they are added) and some arbitrary descriptive fields like employee title and office location.
We're using Microsoft Access (OleDB Connection in ASP) for the bulk of our database needs and we have an employee table that stores all the info we need (like names and clearance levels). I wanted to find a way to link records in those tables to the user that was set up through ASP. We need to be able to create, edit and delete users not through the web configuration tool but through the site we're creating (it will be managed by someone not familiar with ASP). Since ASP Membership uses SQL Server, it is becoming complex for me to try and find a way to connect the user tables generated by ASP and the employee tables created for the project.
I have now read online that there are two other versions of this kind of Membership system: SimpleMembership and Identity. Just by habit I'm leaning towards the most recent iteration (Identity), however I am now reading it is harder to query the user tables for appropriate role info and such.
Which would be the best for a system that has 3 specific roles and must disable/hide specific things depending on the role? And which one would be best for allowing me to create my own Add/Edit/Delete pages for users within the system?
MembershipProvider is depricated and replaced by Asp.Net Identity. Use Identity if this is a new project. Think of migration from MembershipProvider to Identity if it is a brown-field project, but it can take a week of time.
Identity is highly customisable and it is easy to add extra fields on a user and CRUD for users is very easy, especially if you know Entity Framework.
Setup:
Multiple web servers with synchronized
forms authentication.
Multiple asp.net Applications running on these severs.
What's working:
SSO across all servers
Authorization using asp.net roles
What's not so good:
All roles are "global" - I have "admin-app1" and "admin-app2" etc.
Question:
I know this can be solved by defining different "ApplicationNames" for each of the different applications but what is the most easy way to compile a list of all the different applications a logged on user has a role in?
I would like to do something similar to: CurrentUser.Applications()
to get a list of "all applications in which the current user has any role".
Up to now I have used Roles.GetRolesForUser() to compile the list not very elegant or scalable.
Using the SqlRoleProvider I can hack inte the DB to get the complete list of Applications and then compile an application list for the user by query the different application's role providers. My best shot so far but it doesn't feel like the best solution...
Any hints or comments?
BR, Jens
I have come to the conclusion that this cannot be done using the framework.
Anyone who tries to do something similar e.g. buiding a dashboard of all asp.net applications hosted has either to maintain the list of applications separately or hack into the sql tables if you are using the SqlRoleProvider .
Happy hacking!
/Jens
I think ApplicationName is for completely separating applications while using the same database. Are you sure you can link users in one application name to roles in another?
Your best bet is probably to keep the same application name and implement a custom role provider.
http://msdn.microsoft.com/en-us/library/8fw7xh74.aspx