Security with several same usernames in Symfony 2

I'll explain a little more clearly my problem: I'm working on a websites station designed with Symfony 2. Every visitor can register on a website (created dynamically by another one), and this visitor can of course log in on this website.

I want that visitors can register on several websites, with the same username. So, ultimately there are many registered users with same username for several websites.

The fact is to log in, the security just check the username and the password, and i want to extend this control to allow connection by checking in addition the current website id where the visitor want to logged in.

So when the user sends the login form on a dynamic website, i want to check the website id, search the attached user name, check the password and log in on this website.

Here my entites:

Website
========
id
title

User
========
id
username
password
email
salt
website_id

In summary, several users can have the same user name, but on a different website. (In contrast, it can't have several same user name for one website) and I don't know how to implement the security in this case !

Have a solution ?

Answers


You will either need a centralized authentication/credentials list that is not site specific, and then link the site accounts to the credentials, or you'll need to be able to associate multiple accounts together. In other words, you'll need to lookup the accounts that all have the same name, and offer the user the option to "link" the accounts together. Of course, for security, before that link can be established, the user will need to verify access to the linked accounts in order to know that you aren't given them access to an account that happens to be named the same, but which is not owned by that person.


Need Your Help

Django custom validation in model form for imagefield (max file size etc.)

python django validation modelform imagefield

I have a modelform that has an imagefield called 'banner' and I am trying to validate the file size and dimesions and provide an error if the image is too large.

Android: How to stop Thread.sleep in an IntentService from the MainActivity

java android multithreading

I am developing an Android App. I have a MainActivity class where I launch an IntentService.

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.