In initial discussions with my client, we thought it would be simpler to let a user sign on under different identities for different roles, e.g. training module author versus training consumer. However, this does seem to present problems using session in some ways, i.e. the same user opens both author and trainee pages at the same time, but the site only stores one cookie.

How can I address the main issue here, which is the web app recognising me as one signed on (remembered) user, when I wish to sign on as another? Or do I simply make it clear to users they must always sign off one 'persona' before trying to use another one?

Seeing as, e.g. the two roles cited above have widely differing views presented to the user most of the time, we felt the rapidly growing complexity of continually analysing the set of roles assigned to a user, in the role model, all the time isn't a scenario we'd like, we went with the different user model. What other models could I explore here as well?

ProfK

2 Answers

Tell me if I got it right, but most of the time this is done by logging in with one identity which has different roles assigned to it. This way you won't need multiple identities for a single user and you'll render html depending on the roles for this identity. (for example: the highest privileged role in the identity roles collection)

If your client wants to stick with multiple identities then I advise using a Session Wrapper. This way you can create your own session structure and store the logged-in roles.

Diego Ledesma
  • thanks, maybe I can do something with a Session Wrapper, yes. My point is not to render html for the highest privileged role, but for the role the user chooses to act under, provided they are allowed. I.e. admin must only see admin, not admin and pleb, but must be able to choose to only see pleb if they want, not admin and pleb. – ProfK Dec 25 '11 at 16:44
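
One way to combine a single identity with the "act under one chosen role" requirement from the comment above, as an added example that is not code from either answer. `ActiveRoleSession`, the `ActiveRole` key and the dictionary standing in for the ASP.NET session are hypothetical names, and the sample user is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Hypothetical session wrapper: one authenticated identity, one active role
// held in server-side session state and never taken from client input as-is.
public sealed class ActiveRoleSession
{
    private const string Key = "ActiveRole";               // assumed session key
    private readonly IDictionary<string, object> _session; // stand-in for the ASP.NET session
    private readonly IPrincipal _user;

    public ActiveRoleSession(IDictionary<string, object> session, IPrincipal user)
    {
        _session = session;
        _user = user;
    }

    // Switch persona only if the identity really holds the requested role.
    public bool TrySwitchTo(string role)
    {
        if (string.IsNullOrEmpty(role) || !_user.IsInRole(role)) return false;
        _session[Key] = role;
        return true;
    }

    // Re-validate on every read so a revoked role stops working at once.
    public string Current()
    {
        object value;
        if (_session.TryGetValue(Key, out value) && value is string && _user.IsInRole((string)value))
            return (string)value;
        _session.Remove(Key);
        return null; // no active role: the caller should show a role picker
    }

    // Views test the chosen role, not the full set of assigned roles.
    public bool IsActingAs(string role) =>
        !string.IsNullOrEmpty(role) && string.Equals(Current(), role, StringComparison.OrdinalIgnoreCase);
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample user holding both roles named in the question.
        var user = new GenericPrincipal(new GenericIdentity("alice"), new[] { "author", "trainee" });
        var roles = new ActiveRoleSession(new Dictionary<string, object>(), user);
        Console.WriteLine(roles.TrySwitchTo("admin"));  // a role this user does not hold
        Console.WriteLine(roles.TrySwitchTo("author") && !roles.IsActingAs("trainee"));
    }
}
```

Because the active role lives in the one session behind the one cookie, two open tabs share it: switching persona in one tab changes what the other renders on its next request.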

The amount of code necessary to check roles is minimal:

```csharp
if (User.IsInRole("author")) {
    // render author stuff
} else {
    // render other stuff
}
```

You could also write a static method that can be called from any page, and you can also create a role that represents two sets of permissions. So the idea that you need to allow multiple identities to accomplish what you can already do with roles doesn't make a lot of sense here.

Peter Bromberg