mbrship-1Either you run your web site in the shared hosting environment or on your local IIS server, you likely have several ASP.NET applications running in the same root directory. Each of them can be configured as a separate web application and run totally independent from others. Although BlogEngine is not (yet) multi-blogging platform, you can easily run bunch of BlogEngins on the same root for number of bloggers. Lets say, you have 3 bloggers contributing to your site and you want each of them have their very own blog, then you create similar structure:

myblogsite.com
/john
/mark
/mike

Copy instance of BlogEngine into every subdirectory and configure it as application in the IIS, and it looks like you all set. John comes in, logs into his site as admin and everything seems to be working just fine. But then he goes to the Mark's site and finds out that he can administer that one too. What's going on? Simple, both sites are using ASP.NET membership and both run on the same box - and IIS assumes that you want single sign-in functionality by default. This is a cool feature, with no coding required you get single sign-in for free. This is great - but not exactly what we want in our case.

Fortunately, it is easy to tell IIS that you want each site use it's own membership, you only need to change machine key value in the web configuration file. This is big ugly encrypted value that will be different on every PC, but you don't need to have multiple computers to generate them. Just go to machineKey Generator web site and push "Generate" button (leaving all defaults), then copy and paste result in the web config replacing standard machine key. Repeat for each blog you want use it's own membership provider, and security roles for each site will no longer interfere with each other.

Share/Save/Bookmark
Signature
Comments Comments (4)
Permalink | Post RSS

Comments

3/30/2009 10:55:34 PM #

Ben Amada

Great tip -- I hadn't tried that before.  Two other ways to accomplish the same thing are:

1. Change the Forms and Roles cookie names in each web.config file from .AUXBLOGENGINE / .BLOGENGINEROLES to something unique.

2. Use a unique cookie path for Forms and Roles ...

<forms name=".AUXBLOGENGINE" ... path="/john"/>
<roleManager cookieName=".BLOGENGINEROLES" ... cookiePath="/john">

Ben Amada |

3/31/2009 8:39:16 AM #

rtur.net

I guess, there are always more than one way to skin a cat Smile

rtur.net |

3/31/2009 8:28:09 AM #

Scott

I don't think you know how much your going to save me with this tip.

I own dotnetim.com and I wanted to port it over to dotnetitm.spoiledtechie.com, but I can't have people logging into my blog as well as dotnetim, so this will help a bunch.  Thanks.

Scott |

6/24/2009 5:46:58 AM #

growing taller

I used Encrypted for obvious reasons.  When using Encrypted the machineKey element in the web.Config file must be specified.  While the MSDN documentation shows the ability to have auto generated keys, this is not possible with Membership passwords and the keys MUST be specified.

growing taller |

Comments are closed

Menu

Categories

Tags

<<  March 2010  >>
SuMoTuWeThFrSa
28123456
78910111213
14151617181920
21222324252627
28293031123
45678910

Most Popular Posts

Admin

Enhanced with Snapshots

Subscribe to Rtur.net