Security with several same usernames in Symfony 2
I'll explain my problem a little more clearly: I'm working on a websites station designed with Symfony 2. Every visitor can register on a website (created dynamically by another one), and this visitor can of course log in on this website.
I want visitors to be able to register on several websites with the same username. So, ultimately there are many registered users with the same username for several websites.
The fact is that, to log in, the security just checks the username and the password, and I want to extend this control to allow connection by also checking the id of the current website where the visitor wants to log in.
So when the user sends the login form on a dynamic website, I want to check the website id, search the attached user name, check the password and log in on this website.
Here are my entities:
Website
========
id
title

User
========
id
username
password
email
salt
website_id
In summary, several users can have the same username, but on different websites (in contrast, there can't be several identical usernames for one website), and I don't know how to implement the security in this case!
Do you have a solution?
You will either need a centralized authentication/credentials list that is not site specific, and then link the site accounts to the credentials, or you'll need to be able to associate multiple accounts together. In other words, you'll need to look up the accounts that all have the same name, and offer the user the option to "link" the accounts together. Of course, for security, before that link can be established, the user will need to verify access to the linked accounts in order to know that you aren't giving them access to an account that happens to be named the same, but which is not owned by that person.
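The linking rule from the answer above, sketched in plain PHP as an added example (not code from the original posts and not Symfony's API): accounts are looked up by the pair (website_id, username), and same-named accounts are linked only where the user proves the password for each one. The function names, the sample rows and the use of `password_hash()`/`password_verify()` in place of the application's own password encoder are assumptions.

```php
<?php
// Constructed sample rows mirroring the User entity from the question.
// password_hash()/password_verify() stand in for the application's encoder (assumption).
$users = [
    ['id' => 1, 'website_id' => 10, 'username' => 'alice', 'password' => password_hash('pw-site-10', PASSWORD_DEFAULT)],
    ['id' => 2, 'website_id' => 20, 'username' => 'alice', 'password' => password_hash('pw-site-20', PASSWORD_DEFAULT)],
    ['id' => 3, 'website_id' => 30, 'username' => 'alice', 'password' => password_hash('someone-else', PASSWORD_DEFAULT)],
];

// Hypothetical helper: usernames are unique only per website,
// so the lookup key must include the website id as well as the name.
function findAccount(array $users, int $websiteId, string $username): ?array
{
    foreach ($users as $user) {
        if ($user['website_id'] === $websiteId && $user['username'] === $username) {
            return $user;
        }
    }
    return null;
}

// Hypothetical helper: link same-named accounts only where the caller
// proves the password of each one. $proofs maps website_id => password
// typed by the user for that site.
function linkAccounts(array $users, string $username, array $proofs): array
{
    $verified = [];
    foreach ($proofs as $websiteId => $password) {
        $account = findAccount($users, (int) $websiteId, $username);
        // A matching name alone is never enough; the password must verify too.
        if ($account !== null && password_verify($password, $account['password'])) {
            $verified[] = $account['id'];
        }
    }
    // A link needs at least two verified accounts; otherwise link nothing.
    return count($verified) >= 2 ? $verified : [];
}

// The caller knows the passwords for sites 10 and 20 but only guesses for
// site 30, whose "alice" belongs to a different person.
$proofs = [10 => 'pw-site-10', 20 => 'pw-site-20', 30 => 'guess'];
print_r(linkAccounts($users, 'alice', $proofs));
```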