Sample C# Code To Manage Roles With Roles Provider?
Sep 21, 2010
i want to implement asp.net role provider to assign users over my LAN to roles and have my asp.net intranet app implement security based on roles.
i dont want to use VS to manage this with the built in tools but rather hand this off to users to manage themselves. i want an admin folder with a page(s) for admin roles to be able to create/edit roles and manage users in roles... this way an admin can add a domain user (MyDomainUsername) to a role such as ProojectManager or Tester or Developer... and users wont need to contact me for these tasks...
can anyone provide me a link (or some sample code) to some sample i can use to admin roles and users over a LAN in asp.net with c#?
I'm using vs 2005 and asp.net 2.0 to create my website. Recently, I thought about applying membership instead of my customized security system in order to achieve higher security level and performance. At first thing went well, since it was easy to create/manage users and Role names from behind code, but when I came upon the "Access Rules" I faced what you can call it an 'obstacle' at least from my opinion.
The thing is, I don't want to use Asp.net Web Site Administration Tool to create and manage my access rules which I'm going to assign to each of my dynamically created Roles. What I want to be able to do is make a page where the Admin can create/manage his desired Role(s) and also, create/manage the Access Rules, then add such Access Rules to the previously created Role(s).
Now, what I need to know first is... is it even possible to do such thing in the first place? Because the way i understand it is, since the access rules are stored in the web.config of each folder/directory that you apply them on then it shouldn't be allowed to modify it from the running/published website.
I'm looking to be able to manage my users and roles online. So that I don't have to re create the wheel, is there a way I can upload the asp.net configuration tool for my website?
Can anyone point me to a sample admin page for managing users and roles (forms authentication). Something like the security section of the WSAT, but for a finished site.
we are a small team of student developers and we are making a website with a silverlight application hosted on the sample website of VS 2010(i mean the one you go New website new asp.net website).But we cant understand how the login works or how we can put roles like administrator and such.Also we are using master pages and pages and i would like to know how can we make container to not being visible to an unregistered user and how to be visible in registered or better to a spesific user.
I am working on an application that resides on a development server on our internal network. The application was originally written to use Membership and Roles. We got busy almost a year ago before the app was finished, and now we are trying to get it ready to use internally.
The login page works just fine, but I have lost the ability to controls users and roles. I am running Visual Studio 2010 Professional now on a Windows 7 VM. I can open the application fine but there is no Web Administration Tool available for me to manage users or roles. If I go to Website -> in Visual Studio, there is no option for ASP.NET Configuration in the drop down menu. It simply isn't there.
How can I regain access to manage users and roles for this application? We are using Forms authentication and the database resides on a SQL Server 2005 instance on a separate box from the web server and my local VM.
Is there a way I can make it so that a user must meet RoleOne and RoleTwo to satisfy the RoleGroup? By default, if a user is in either of the two roles, they will be granted access. I know I can do this via the code-behind, but I'd prefer to be able to wrap some content template with this markup instead of having to wrap it in a panel and hide the panel programmatically.
I have a multi level application that I am developing and need to block multiple rows from being joined. I know how to hide one role but I cannot figure out how to hide multiple.
how to implement a custom role provider which has support for parent and child roles?
I have a requirement to have high level Role permissions as per the usual Role provider functionality. However, I also have a requirement to further breakdown permissions into sub roles. I toyed with the idea of having further role instances for sub permissions but I'd prefer to have a native solution which allows for sub roles.
In this scenario, the "Admin" role is actually 2 distinct roles, one for IT and one for Extranet scenarios. Ideally, there is no association between the 2 "Admin" roles because they are unique sub roles.
[Edit]: Following Igor's comment I feel I should clarify. The aspnetdb is already hosting multiple applications and therefore the use of the Application Name is not possible to segregate the sub roles as it is already being used to seperate the roles by application.
I created a custom forms authentication and membership provider and it seems to work fine opening up in WAT, creating roles and adding users. Also when I in my mvc app use it to log users in, it works fine. However it seems to fail to determine a user's role (no errors, but just jump over User.IsInRole(...) lines and Roles.GetRolesForUser(); comes up empty. I got a gut feeling I did something wrong with my configuration, so for now I'll post just that:
Newb question: what is the standard practice for assigning roles to newly signed-on members. Is it usually manual or is there a way of automatically assigning roles. Being completely new to this, I am confronted by the issue of my site having three different roles that new members could fall into, but am unsure about how to assign each a role. I can't imagine having to go through the process manually if I have thousands of members.
I create custom principal for implement logic for users. In identity I store Id, Name. But it abnormally - this classes must use for authenticate and authorize.
I can implement custom MembershipUser, custom Roles and Membership provider.
in my app i want to create two types of users. (1) 'staff' (2) 'admin'
i have a page called registration which basically creates a user. i used the asp.net configuration wizard to create roles and set access rights to certain pages and this works great.
however, if i was to deploy this app then users wouldnt have access to the asp.net wizard therefore not be able to create users with roles/access.
so how can i do this in code? can i create a drop down in the registration page with two values (staff and admin) which will represent roles and then another drop down with access rights? (allow/deny)
how can i now program these drop down and make it work like i would normally do using asp.net configuration wizard?
In asp.net web application I have restricted users actions depending on their roles like as follow
I have created three tables in database
Tables
Table: Users
UserID Username Password 1 Bob password1 2 Scott password2 3 Jisun password3 4 Sam password4 5 John password5
Table:Groups
GroupID Name 1 Administrators 2 Clerk 3 Manager 4 Cashier
Table:Roles
UserID GroupID 1 1 2 2 2 3 3 4 4 3 4 4
In Global.asax file I have written the following
Sub Application_AuthenticateRequest(sender As Object, e As EventArgs) If Request.IsAuthenticated Then 'Determine this user's roles[code].....
as of now it is working fine. Now a new requirement has araised that to allow the clerk to access some of (but not all) functionalities perfomred by administrator.
Do i need to change my source code to provide above new requirement?
Do I need to do the same again and again when such requirement araises in future ?
Other than WSAT as I don't want to have to use the CMD bypass to access it using VS 2013, how can I administrate users/roles on my web forms web site and be able to administer them via the website from a different location.
I need to implement Code Access Security, and URL based security using the roles & types...
For instance, the (Subscriber/Basic) would need to view a different set of pages, and have different access to things then a (Subscriber/Business).
I think I can handle the Code Access security with a custom attribute, but I am unsure to how enforce a User be apart of 2 roles in the URL Authorization.
I am currently using the web.config to deny/allow access to the directories/pages.
e.g.
/Areas/Admin/web.config
[Code]....
Is it possible to force the user to be apart of 2 roles with this technique?
I am building a content management system and so far I am trying to get a member's area to work. I figured out the CreateUserWizard and the Login controls. I also used Roles.AddUserToRole(RegisterUser.UserName, "Member"); upon account creation to assign the user the role of a "Member". I have been googling but I havent been able to find a solid way on how to restrict either a directory or a page to make it so that only "Member" users can access it, otherwise redirect to login page. Can anyone give me an idea for this? Also I had a related question, when I go on to the site and I am NOT logged in, what is my default role? is it guest or just null?
I need to get know how SiteMapProvider.IsAccessibleToUser() works. Built-in XmlSiteMapProvider calls HttpContext.User.IsInRole() which uses System.Security.Principal.GenericPrincipal in case of forms authentication.
Where does the current user gets its roles? Which provider loads this kind of information? I want to overload it and use custom logic.
I want to be able to specify which roles having access to certain controllers in web.config and use it something like this:
[Code]....
..but the compiler says "Error 1 An attribute argument must be a constant expression, typeof expression or array creation expression of an attribute parameter type...". How to accomplish this behavior?
I'm developing a web application I want to use the role authentication to control different parts of the website accessibility. But my problem is say I implemented a upload and download functionality on one of the page and I want to have the ability to control a user whether they can either upload or download; or both. So, I'm not exactly sure if the role base authentication can support a user with more than one role to work the way I want it.
I have a pdf file that will be stored in a website and based from roles it will call the certain pdf files. (done with this save pdf inside a folder then call it using sitemap per pdf files according to roles) but I need a search page that will search a given pdf file name based on their roles, they can only see the pdf that is intended for them then via link it will then see all the pdf that was search.
I am baffled, I am using a treeview to set the source of an iframe. The web page is being displayed correctly, but User.IsInRole("roleName"), in the code behind, always returns false. The strange thing is User.Identity.Name returns the correct user name. I have tried setting the target of the tree view nodes to "_blank" and to "_self" and still no luck. So, it doesn't appear that the problem is related to the iframe.Before the treeview was added, javascript was used to set the source for the iframe and User.IsInRole returned the correct values.
