1

I have an MVC website that uses ASP.NET Identity. This site can be used for multiple customers data, and each customer is independent to another, no data should be shared. Each transaction should happen only on that customers data when that Customer is selected.

However, the Users who log in can see All customers, they just choose at login which customer to transact against.

So upon login, they will pick from a Dropdown their customer, and then see all that customers items, individual information, and unique things that can be done for that customer.

So for example

var allItems = from a in db.Items where a.CustomerId = customerId select a;

This customer Id can be got at login, as its what the User chose from a dropdown. However, how do I persist this choice throughout the entirety of the users log in session? I obviously don't want to save it to the database as its not a permanent choice I want the choice to be gone when they log out, with them to be free to choose another Customer next login.

Another cool thing would be able to override the get method in the DbContext to retreive only items matching whatever customer Id was selected on login

public DbSet<Item> ItemsAll { get; set; }

public IQueryable<Item> Items
{
     get
     {
          return ItemsAll.Where(x => x.Customer == myLoggedInCustomerChoice);
     }
}
MichaelMcCabe
  • 523
  • 4
  • 15
  • 33

2 Answers2

1

Add the value to a Session-variable, and check against it when you load pages.

andreasnico
  • 1,478
  • 14
  • 23
  • Forgive me if I'm not seeing a connection between session variables and how a client tracks a log in, but a Session Variable has a timeout, so would a log in. Could they not be different? Meaning a Session Variable could expire before that users login has. What if the user clicks "Remember me" – MichaelMcCabe Mar 15 '16 at 11:31
  • The session timeout and the login timeout are different, but you manage this by setting the correct settings on both of them. (Read more here: http://stackoverflow.com/questions/17812994/forms-authentication-timeout-vs-sessionstate-timeout). But it is no magic here. Either you have to "permanently" store the choice somewhere (ie database, cookie, local storage etc) or you have to account for that the customer choice may have to be chosen again. If they have a "remember be" ticked, you still can log them in automatically, but they then have to choose which customer they want to see. – andreasnico Mar 15 '16 at 13:44
0

Your choices are

  • Persist it to the database. Good for if you really never want to have the user choose again. The downside of this is if you want to also capture it on the client you need to also save the value on the client using one of the other choices.
  • Persist it to a cookie. Don't set an expiration or set it to the same expiration as the authentication cookie where remember me is persisted .
  • Persist it to the HTML5 local storage (window.localStorage). The downside here is you need to include any variables in any requests back the server where this information is used. This is not necessary with the other choices.
  • Persist it in the Session object and configure Sessions to use a database. I am not a big fan of Session objects so I would use this as a last resort.
  • Hidden field (input type='hidden') - Same downside as local storage BUT you have to make sure that this value is not lost in navigation. So this is fine for an SPA where some of the content remains static but not handy for a traditional web app.
Igor
  • 60,821
  • 10
  • 100
  • 175