In a .net 5 MVC project that uses Identity for authentication, is there a built in option to manage the roles (crud) and user <> role relationships (add and removed roles to a user)?
I have found some tutorials that could work:
https://www.c-sharpcorner.com/article/adding-role-authorization-to-a-asp-net-mvc-core-application/
https://www.yogihosting.com/aspnet-core-identity-roles/
But before I go recreating the wheel, I just wanted to be sure there isn't some functionality contained within the framework that I am missing.
Edit: Just to clarify, my question is regarding giving user roles e.g. Admin, manager, staff.
I've always used identity and always had to create my own logic for creating and assigning roles to users. But keep thinking there must be a standard way to do this.
A few options. One is just the admin UI and the other is a web framework with admin UI
https://github.com/mguinness/IdentityManagerUI
https://docs.aspnetzero.com/en/aspnet-core-angular/latest/Features-Angular-Role-Management
for different roles in multiple groups
https://github.com/rogwool/two
Might have been better with a GroupId key in AspNetUserRoles
Related
I am creating a sort of intranet system in ASP.NET that requires me to hide/show/disable/enable certain things depending on the logged on user's role. So far I have been using ASP.NET Membership (what I learned in school) however I am running into problems with having to customize things. We need usernames and passwords but we also need to add custom fields like first name, last name, clearance level (which will be used to set the user's role when they are added) and some arbitrary descriptive fields like employee title and office location.
We're using Microsoft Access (OleDB Connection in ASP) for the bulk of our database needs and we have an employee table that stores all the info we need (like names and clearance levels). I wanted to find a way to link records in those tables to the user that was set up through ASP. We need to be able to create, edit and delete users not through the web configuration tool but through the site we're creating (it will be managed by someone not familiar with ASP). Since ASP Membership uses SQL Server, it is becoming complex for me to try and find a way to connect the user tables generated by ASP and the employee tables created for the project.
I have now read online that there are two other versions of this kind of Membership system: SimpleMembership and Identity. Just by habit I'm leaning towards the most recent iteration (Identity), however I am now reading it is harder to query the user tables for appropriate role info and such.
Which would be the best for a system that has 3 specific roles and must disable/hide specific things depending on the role? And which one would be best for allowing me to create my own Add/Edit/Delete pages for users within the system?
MembershipProvider is depricated and replaced by Asp.Net Identity. Use Identity if this is a new project. Think of migration from MembershipProvider to Identity if it is a brown-field project, but it can take a week of time.
Identity is highly customisable and it is easy to add extra fields on a user and CRUD for users is very easy, especially if you know Entity Framework.
I want to actually implement two applications.
Application (server 1)
A management application to manage users and buildings. CRUD Controller for users, roles and buildings. To use this application an login is required. Analyse answers / results from questionnaires which will be filled in appplication 2.
Application (server 2)
Login with the user names which will be created in application one
Document Exchange bundle. Users can share documents
Questionnaire bundle, users can create questionnaire
Other users filling of questionnaires
Not every user can use every bundle in application 2. Only users with specified roles can use a bundle, the user roles will be defined in application 1.
I need an idea how I could realize the data exchange in such a case? Because application 2 require the user, roles from database of the first application. In the ideal case, I do not want data redundancy.
The first application i implement in symfony2 and i'm not sure whether to share a good idea the applications or is it better idea to integrate the bundles from application 2 in application one?
Can someone give me tips?
The easier solution could be done with the use of one App. The Security Component of Symfony2 can manage different roles and access to specific action or bundle. Moreover you can use JMSSecurityExtraBundle Annotations to simpler your work.
I'm implementing my frist web application on asp.net mvc 4 and I need to differentiate my users according to roles ( show certain menus to some roles and hide them from others) basically what i want is to manage my users and roles. I understand that security is quite an important part of my application so I don't want to risk it by implementing something not secure while there are other options for doing this.
My question is, is there something already built on MVC 4? is it apropiate for my a small site? ( I don't expect more than 50 concurrent users) is it better to implement my own user administrator? if so, where can I start? so far what I've found is the membership provider but it seems quite big for what i need, there will be no user registration instead the new users will be added by system admins.
Thanks for taking the time for reading this, any feedback will be appreciated!
I would have recommended the default membership provider as it makes use of security industry best practices (i.e. salted hash). However, if that seems overkill, there is a simpler membership provider called SimpleMembership Provider
You can use New ASP.NET Universal Providers (updated version of legacy Membership Provider).
It can be used in small application as well as large application (if you application continues to grow).
Password is encrypted with salt, so it cannot be compromise easily.
Follow the Scott Hanselman's link and see the demo. You will see how easy to set up.
I'm creating an ASP.NET website and intend to have multiple "Applications", each with its own set of users. Effectively I need a way to have different groups that people can register with, so "UserA" can be created in "ApplicationA" and "UserA" can also be created in "ApplicationB". I do not want UserA to be created in all Applications, the user has to feel as though they're creating a separate user account for each application.
I think I can do this with ASP.NET's Membership provider and the Applications table, but I'm having a hard time finding good tutorials on how to do this (searching on "Applications" just leads me to how to create ASP.NET Applications, not how the Applications table relates to the ASP.NET Membership). Can anyone point me in the right direction here?
Yes, you can use ASP.Net Membership for your applications that you have stated.
Please use new ASP.Net Universal Provider. (Membership which generates aspnet_xxx tables is an old one.)
Also make sure to set the following in web.config -
set applicationName (in membership, roleManager) for each appliation.
set machineKey
here is the schema:
http://superpatrick.files.wordpress.com/2007/11/aspnet_membership_schema_updated.png
here is some info about the membership
http://www.asp.net/web-forms/tutorials/security/membership/creating-the-membership-schema-in-sql-server-vb
Setup:
Multiple web servers with synchronized
forms authentication.
Multiple asp.net Applications running on these severs.
What's working:
SSO across all servers
Authorization using asp.net roles
What's not so good:
All roles are "global" - I have "admin-app1" and "admin-app2" etc.
Question:
I know this can be solved by defining different "ApplicationNames" for each of the different applications but what is the most easy way to compile a list of all the different applications a logged on user has a role in?
I would like to do something similar to: CurrentUser.Applications()
to get a list of "all applications in which the current user has any role".
Up to now I have used Roles.GetRolesForUser() to compile the list not very elegant or scalable.
Using the SqlRoleProvider I can hack inte the DB to get the complete list of Applications and then compile an application list for the user by query the different application's role providers. My best shot so far but it doesn't feel like the best solution...
Any hints or comments?
BR, Jens
I have come to the conclusion that this cannot be done using the framework.
Anyone who tries to do something similar e.g. buiding a dashboard of all asp.net applications hosted has either to maintain the list of applications separately or hack into the sql tables if you are using the SqlRoleProvider .
Happy hacking!
/Jens
I think ApplicationName is for completely separating applications while using the same database. Are you sure you can link users in one application name to roles in another?
Your best bet is probably to keep the same application name and implement a custom role provider.
http://msdn.microsoft.com/en-us/library/8fw7xh74.aspx