Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • ianhoughton 233 posts 423 karma points c-trib
    Feb 09, 2016 @ 18:54
    ianhoughton
    0

    Membership - Non unique username

    My client has requested that we allow users to create multiple user accounts with the same email address, the difference between then would be the role their assigned during registration (Role 1 or Role 2)

    I've changed the registration code to assign them to the selected role ok.

    I've changed the login method to detect the role and find the correct member from the database but:

    • The issue begins if the user has used the same username (Email address) and password for both Roles.
    • When setting the FormsAuthentication.SetCookie(username, true), and then redirecting to the profile page, I use this code to lookup the current member:

      public static CustomMember GetCurrentCustomMember(this MembershipHelper helper) { if (!helper.IsLoggedIn()) { return null; }

          var umbracoHelper = new UmbracoHelper(UmbracoContext.Current);
          var member = umbracoHelper.TypedMember(helper.GetCurrentMember().Id);
      
          return GetInternalCustomMember(member);
      }
      

    It appears the internal Umbraco code is looking up the Current Logged In Member, but by username only and only finding the first member that matches the username (email address).

    Do I need to change the way the SetCookie is created, passing in the Role perhaps ?

    Is there a better way of using helper.GetCurrentMember() ?

  • Marc Goodson 1003 posts 6598 karma points MVP 4x c-trib
    Feb 14, 2016 @ 01:28
    Marc Goodson
    0

    Hey Ian

    I've read this through a few times now, and am trying to make sense of it...

    I don't fully get why a user would need two different accounts with the same username / email and password combination - in order to be 'two different roles' How would any system infer 'which role' they intended to be from their username and password combination if the insistence is they could be the same :-)

    How about one username and password for the person logging in, and then after logging in, you check how many roles they are currently in, and if they are in multiple roles, why not show a screen that says

    "Hey you've logged in, but you have two roles - which role do you want to be today ?" and have a couple of links for each role that when the user clicks, set's them as that role on the current login session.

    or could the system not respond to the user being in both roles ? eg if a role is an Admin, and another is some kind of user, could the system show the options for those two roles at the same time ? - eg are the roles actually mutually exclusive ?

  • ianhoughton 233 posts 423 karma points c-trib
    Feb 16, 2016 @ 11:23
    ianhoughton
    0

    Hi Marc,

    Yeah, when we first designed the system, you either were a 'Freelancer' or a 'Buyer', but the client has now added the requirement that a user can be both roles.

    I've changed the login form so you have to pick which role your trying to login as. This saves the selected Role as a cookie.

    This works fine until you hit anything to do with the Umbraco MembershipHelper, the methods in there i.e GetCurrentMember only return the first member it finds with the email address.

  • Bijesh Tank 184 posts 411 karma points
    Feb 16, 2016 @ 12:55
    Bijesh Tank
    0

    Hi Ian,

    Getting the correct current member given multiple members with the same email could be tricky.

    You could get the current username/email and then use the Member Service to filter by the group.

    So maybe something like this could work for you?

    var member =  ApplicationContext.Services.MemberService.GetMembersByGroup("[GroupName]").Where(m => m.Username == [YourCurrentMember]);
    

    Although this may not be so great if you have a ton of members.

    /B.

  • ianhoughton 233 posts 423 karma points c-trib
    Feb 16, 2016 @ 13:33
    ianhoughton
    0

    I think there's a bigger fundamental roadblock, in that the Umbraco backend does not allow you to save any member that has a duplicate username / email address.

    I don't think this is going to work.

  • Marc Goodson 1003 posts 6598 karma points MVP 4x c-trib
    Feb 16, 2016 @ 21:42
    Marc Goodson
    0

    Yeah, I don't see why you can't have one login, and if someone is a freelancer and a buyer, they have the options to do both tasks from the single login.

    You can get around duplicate emails, by storing the email as a guid + email for the member, and creating a custom property on the Member Type for the real email address.

    How about when you create a user, their username gets stored in Umbraco as usernamebuyer or usernamefreelancer.

    Your login form has Username: Password: freelance or buyer

    The user types in their normal username, and selects 'buyer' before attempting to login you add "buyer" to their username, and try to authenticate them, if they select freelancer you append "freelancer" - get current member should only return the one user, depending on the type they have logged in as ?

  • ianhoughton 233 posts 423 karma points c-trib
    Feb 18, 2016 @ 08:17
    ianhoughton
    0

    Great idea, I'll try this next, thanks for you help.

Please Sign in or register to post replies

Write your reply to:

Draft