0

We have an existing ASP.net Core 2.1 Application which has UserAccounts associated with the Identity-System.

Now we would like to add Admin-Users which shall not share the UserAccountsTable which is already used by the UserAccounts. (Yeah i know, we could simply add a bool column like isAdmin but we opted for seperated tables).

So my thinking was, that i need to create a new Identity-Instance which is using our AdminUser and AdminRole classes (Both deriving from IdentityUser and IdentityRole accordingly).

In the DBContext i can now change the Table-Names via the Fluent-API of AdminUser and AdminRole. But how would i now change the names of the needed "infrastructure" tables created by Identity automatically?

I've found this documentation by Microsoft. But they are only using "generic" types to rename the tables for e.G. the Link-Table between Users and Roles (IdentityUserRole). This type would probably "conflict" with my already configured UserAccounts-Identity, therefore "renaming" both tables, making troubles again, or not?

An obvious solution could be to create a new AdminUserContext, which would not share the UserAccounts-Information. But then we would lose the Links to the Entities we actually would want to administrate? And linking DBContexts doesn't feel "right" to me.

Anybody got some ideas to this?

Sven Eppler
  • 1,646
  • 1
  • 15
  • 26
  • what's the problem of using a different set of permission for the admin accounts? – VeNoMiS Jan 28 '19 at 10:04
  • [duplicate] https://stackoverflow.com/questions/11197754/entity-framework-one-database-multiple-dbcontexts-is-this-a-bad-idea – Mikev Jan 28 '19 at 10:13
  • @Mikev i have to disagree. My problem is different. I want to have multipe Identity-Contexts in the same DBContext, not multiple DBContexts. ;) – Sven Eppler Jan 29 '19 at 07:33
  • @VeNoMiS i described above, that we decided on purpose to use different database table for these different types of login. Security by design, so nobody can accidently leak the whole Login-Database for Customers and Admins via some SQL-Injection. – Sven Eppler Jan 29 '19 at 07:35
  • @ghandi you have a point, my guess is that you need to implement a provider that handle this cases. Look [here](https://github.com/alexandre-spieser/AspNetCore.Identity.MongoDbCore) for a reference implementation – VeNoMiS Jan 29 '19 at 07:49
  • @ghandi you could simply create different tables in OnModelCreating. `modelBuilder.Entity().ToTable("Users");` `modelBuilder.Entity().ToTable("AdminUsers");` – MSD561 Jan 31 '19 at 19:07
  • @MSDS561 That is what i already stated above. The Problem arises, when it comes to the Link-Table for the m:n Relation between Users and Roles. This table has the concrete Type `IdentityUserRole`. But i need to differentiate between the `IdentityUserRole` and `IdentityUserRole`. Because the link table can't (or should not) have multipe ForeignKey relations to the User-Table AND the AdminUser-Table and then again on the other side of the Relation to the AdminRoles AND UserRoles. I solved the issues with a seperated DBSchema and Migrations. Just doesn't wokr in one Context. – Sven Eppler Feb 12 '19 at 07:39

0 Answers0