Multi-tenant apps and "Login"

Multi-tenant apps and "Login"

Hello -

Interesting dillema here! I am trying to implement a "Login As User" feature in a multi-tenant application. Our back office piece uses Users as its user provider, but our front office piece is its own user provider. In the back office, we have a page that looks into the Users entity to show who is in the system.

When I try using "Login" from System, I get an invalid login error, no doubt because the user provider for the current eSpace (which is Users) is not the user provider for the tenant (it belongs to the XYZ eSpace). I try a "TenantSwitch" to the tenant, but that fails. I try User_Login, but I do not have the user's password, and using the encrypted password from the User entity fails too.

As far as I can tell, the only way to make this happen is to:

1. Save the encrypted password value to a temporary variable.
2. Change the password to a known literal value.
3. Perform User_Login using the known, fake password.
4. Change the password back to the original value.

Would it be possible for me to just set Session.UserId and Session.Username to the correct values, and then doing TenantSwitch?

Is that really the only chance I have at making this work? This is a simple task when the working eSpace has the same user provider as the one that the users belong to!

Hi Justin,

TenantSwitch method performs a Logout (and cleans all session variables), so I don't think that is the way to go.

Your problem is having the 2 different user providers, since you can't use id's from one User Provider in the other. Regardless of what Login method is called.
Can you give a little more context why you need them to be different?

I could understand that in previous versions, because of all the previous multitenant limitations (for example, multitenant espaces were required to be self user provider).
But those limitations no longer exist.

João Rosado

Joao - I inherited this application from someone else; my understanding is that it was originally a 6 project, recently upgraded to 7. I am not sure why it is set up this way. I will do some analysis and see if we can indeed convert it to all be using the same user provider. If I just switch the backend to use the same system, and ensure that the publish makes at least ONE known user who can provision the other users, it should be fine.