Closed mirecg closed 7 years ago
Can you explain the use case for multiple certs for one user?
Hi, not multiple certificates for one user, this is allowed. But multiple users to have the same certificate. We have a customer where multiple users share the same certificate for login to our system. This was allowed in our currently used identity model. But we are migrating to this MembershipReboot identity model. This is killer requirement for us. We use certificate as the second authentication factor, so there's no identification problem when authenticating user by certificate as a second factor, because user is already identified by username/password.
I'd have to think about this. It's certainly not a hard change... but it might affect current uses. Maybe a setting that would say this is allowed?
The setting controlling the uniqueness of the certificate is sufficient.
Hi, how do you see this, when are you going to incorporate this setting into release? Without it I will need to go with own version of code which would be my last resort.
I don't have time. You can propose a PR.
hmm, the same on my side As I can see there are already several PRs waiting for quite a long time. This will not be the solution ...
Hi, I've finaly created a PR for this issue. Be the meantime I've found simmilar issue with the phone uniqueness. Would mind allowing non-unique mobile phones? The reason is the same as for the certificates. In our existing solution the customers have several accounts with same certificate and with the same phone number. I would open another issue for this and I would create another PR with simmilar solution, as having configuration property PhoneNumberIsUnique.
Given that I don't foresee making this change, I'll close this issue. Thanks.
Hi, I need to allow for multiple accounts to have the same certificate. This is not allowed in your current implementation, where the
UserAccountValidator
handles theCertificateAddedEvent
and checks for existence of other account with the same certificate. I do not see any chance to override this. TheUserAccountValidator
is hardcoded in theUserAccountService
, so I cannot replace or nor to override this behavior. It would be nice to have an option to supress this built-inUserAccountValidator
using some configuration option.