I was working with Yii1 and for the authentication a was working with a "webuser extends CWebUser and in "UserIdentify" i was testing in access Level column in admins table, and if the user isn't in this table i search the user in Users Table.
So it was very simple to use it
Now with yii2, things become very different. I don't know from where i begin.
So if someone have an idea in how to authenticate from different tables it wil be very helpful.
Regards,
Related
I have a question regarding an application that I am developing, I try to implement a Kanban solution.
I have separated the IdentityServer (Users, Roles, etc), from the module/app that I am implementing. (Tiered)
I would like to know how I should do to have user data in the module/app.
I mean, it should have the "duplicate" users table or from the module/app can refer to the context of the identityServer database...
I am a bit lost...
For trying to give an example.
IdentityDbContext { Users, Roles, etc }
ApplicationDbContext { Board, Columns, Tags, Cards, CardUser, ¿User? }
In CardUser I would like to have the users related to Card (an N-M relationship).
But I don't know if I should create an entity/DbSet in the ApplicationDbContext or just save the UserId and then for each UserId query data to db or do call to api to the IdentityServer.
I think it's hard for me to explain myself, I'm sorry if it doesn't make sense, I appreciate any kind of help/comment.
Thank you very much.
As per best practices, aggregate root can be referenced by its id, but it is recommended not to reference it with the navigation property.
We have implemented a similar case for EventHub. You can see how we implemented it from the links below.
https://github.com/abpframework/eventhub/blob/e19c32731655df8c78d082a84cb336263c5f081a/src/EventHub.Domain/Events/Speaker.cs#L10
https://github.com/abpframework/eventhub/blob/e19c32731655df8c78d082a84cb336263c5f081a/src/EventHub.Application/Events/EventAppService.cs#L366
You can try to create an Event to better understand the requirements of EventHub.
https://www.openeventhub.com/
I'm wondering about which approach is better using multi auth with guards and different auth tables Or using the same auth table with different roles/Types in this scenario
let say we have two different users types "doctor" and "patient" each of them has totally different profile data
If we use multi-auth we can set all user's data with auth data in the same table but we will repeat ourselves if we have a model that belongs to the two users types let say "Hospital" and we will check on guards everywhere.
On the other hand, if we implement roles or types we have to split profile data into three separate tables one for users auth data(email, pass,..etc) with polymorphic relation with others for user-related data let say (patient-data and doctors-data)
but we have to join everywhere we use user data.
There may be a better solution and I know that there is no absolute right solution I am looking for an answer based on previous experiences in terms of performance and the possibility of expansion.
I would always go with the roles/permissions way for the authentication part. This way you can just have one way to log in.
You can split the login form or you can use the same form for all roles. Based on their role you can redirect them to another page where they can see their actions. For example, a separate vendor dashboard. You can use different login URLs of course where you only allow users to login with a certain role. This is a small adaption to the current login flow by just checking on the role as well. You can even create your own controller for it if needed.
You can always use middleware or permission based on the current role of the user to determine where they can go or what they can see.
Multi auth always makes it more complex, while in your case you just have users that log in but have different permissions
We now have one site running but we will need to build a branded site for our client soon. The client site will have exactly the same data set as our current site expect for the user data. The client site must have totally separated user info which allows only the client to use the site.
I don't see the need for setting up a new database or creating a new user table for the client. My tentative solution is add a "Company" column for the user table so that I can differ which site the user data row is on.
I do not know if this approach will work or not or if it is the best practice. Could anyone with experience like this shed some light on this question?
Thanks,
Nigong
P.S. I use LAMP with AWS.
Using an extra column to store a company / entity id is a common approach for multitenant system. In general you will want to abstract the part that that verifies you can only retrieve data you're allowed to a piece that all queries go through, like your ORM. This will prevent people new to the project from exposing/using data that shouldn't be exposed/used.
I've been diving into CakePHP this year and I'm loving it! However, I've just run across a problem that I'm not sure how to handle. My database design is this--
USER can belong to one or more WEBSITE
A WEBSITE can have many USER
So I have a many-to-many relationship which is tracked in MEMBERSHIP
MEMBERSHIP also tracks what group_id the USER has for that WEBSITE.
For example, if user1 joins website3 as an administrator and website5 as a editor, then the MEMBERSHIP table has an entry reflecting both those roles.
Basically my problem is Cake's ACL. In the above-mentioned model, user1's group_id would change depending on which WEBSITE he's selected after logging in. (And he could subsequently change to even more websites within the dashboard by changing the group_id again and again). Cake's ACL appears to only handle 'user belongs to one group' period.
Can I trick the ACL by giving it the group_id from the session every time its changed and then reload the AROs? Would it make more sense to scrap ACL and create my own permissions module?
Any suggestions or ideas to point me in the right direction would be GREATLY appreciated!
i think it will be the best way to create your own permission module.
the reasons are quite simple:
you can modify/extend it in any way YOU want
you will not break any cakePHP specifications
I'm building four websites. They all should have the same login-datas (user can registrate on website 1 and also can use website 2 and 3 by using the same Login-Name).
My idea was to use the MS SQL Membershipprovider (good idea?).
Now I don't know where to place the SQL-Mebershipprovider (in an extra databse? or together with the websites? -> sound like getting chaos^^)
A other idea I've read was to create a webservice to the authentification?
But I think I'm getting problems with the data consitency, because I think there is no way to point from one database to an other (linking for example the usertable in database one to the texttable in databse 2).
I want to use MVC3 and a MS SQL-database.
Any experiences or ideas?
Thanks a lot!
You can use a separate membership database to do this and just point the providers of each site at this database.
If you wanted to use the role provider you would have to have the same roles in all four websites which may not be what you want. You could use a central database to just handle authentication and then create a local user record in each website that links back to your central user database (you will have to do this linking manually i.e. no relationship). This will then let you role your own role provider for each site.