I am developing a MVC4 application with SimpleMembership. I have a table - "userInfo" in which I am storing user's information such as Name, Email, Address, Phone, Role etc. When I register a user, data is stored in this table and webpages_Membership. No data is stored in other Membership tables (OAuthMembership, Roles, UserInRoles).
When I login a user, it is validated using :
if (ModelState.IsValid && WebSecurity.Login(Model.Name, Model.Password, false))
it returns "True" but after this, I need to get the role of the registered user.
In SimpleMembership, does "Roles and UserInRoles" table provide registered user role or can I query the "userInfor" table and get roles from this table.
Please advice
Thanks in Advance
to get all available roles, assuming you have enabled Roles and added at least one..
var roles = (SimpleRoleProvider)Roles.Provider;
var allRoles = roles.GetAllRoles();
to get specific user's roles.
var userRoles = roles.GetRolesForUser("specificusername");
ref MSDN
Simple Membership does not come with any out of the box management pages for Roles. You are on your own to create them, or manage them directly through code/sql/ef etc..
Code examples...
Check for and creation of Admin role:
if (!Roles.RoleExists("Admin"))
Roles.CreateRole("Admin");
Adding user to role on creation:
if (!Roles.GetRolesForUser("specificusername").Contains("Admin"))
Roles.AddUsersToRoles(new[] {"specificusername"}, new[] {"Admin"});
ref adding-security-and-membership
You can user Roles.GetRolesForUser Method after your user logged in
Gets a list of the roles that the currently logged-on user is in.
Or if you want to check whether current user is in specified role you can use Roles.IsUserInRole Method
Related
I am trying to use ASP.NET membership and roles for my project and have been going through different articles, posts and SO to check if using it is a better option for me rather than hand coding the whole functionality from scratch. Yet after days of search I haven't yet figured out if its even possible for the following scenario.
The users of my application have roles and they belong to a company as well. So, I would need to retrieve the company id for the user as soon as he/she logs in as I would need the company id on different pages to show the user his/her company specific data.
Roles should be categorized. (i-e Application Admin, Company Admin, Company Users (Managers, front-desk etc). So when company admin assign roles to users, he/she could only assign Manager, front-desk etc and Not Application Admin. (I thought about adding another field to Roles table in order to categorize the roles but I don't know whether that would be a good or bad thing to do and how it will modify the behavior of membership controls)
Not exactly a question but I am rather seeking advice whether I should go for the ASP.NET Membership in this scenario
writing from scratch is not recommended for what you want . you can handle your requirements using asp.net membership .
1- you can save user information in their profiles (company , name , ... ) or create another table to map users to companies.
2- for your second question ,you can create a separate class or method to handle the access.
something like below :
public IList<string> GetRolesUserCanAssign(string userRole)
{
var roles = new List<string>();
if(userRole == "Manager" || userRole == "FrontDesk")
{
return roles;
}
roles.AddRange(new[]{"Manager" , "FrontDesk"});
if(userRole == "CompanyAdmin")
{
return roles;
}
if(userRole == "ApplicationAdmin")
{
roles.Add("CompanyAdmin");
}
return roles;
}
I would like to know the number of users logged for each role into my ASP.NET application
i have an (Admin) role and the (rest) role
i want to know the Number Of Users Online for each one not the entire application what this method did :
Membership.GetNumberOfUsersOnline()
You will need to enumerate the users yourself. If you make use of
Membership.GetAllUsers()
you get a collection of all available users. Then you can loop through each user and check the IsOnline property to see if the user is online. To determine the roles of the user, you can make use of the methods in the Roles class.
For example, if you have two roles admin and rest, and you would like to display how many users are online in each role, you could do something like this:
var adminCount = 0, restCount = 0;
foreach ( var user in Membership.GetAllUsers().Where(u => u.IsOnline) )
if (Roles.IsUserInRole(user.UserName, "admin"))
adminCount++;
else if (Roles.IsUserInRole(user.UserName, "rest"))
restCount++;
// do something with adminCount and restCount
If you have more complicated role structure, or many roles, you could use a map to store the count per role. The logic is up to you what you want to accomplish, this should provide all the pieces necessary to express your custom counting logic.
in my Project i need to define 3 roles :
SuperAdmin
Admin
RegisteredMembers
I also have Table which named "Users" that stores information such as:
fristName
lastName
Birthday
Username
Password
.
.
.
and etc
How can i make Roles recognize which user is for which Role when users try to log on to website?
First of all you creating a Users table is just the first step. You also need a Role table and a UserRole many-to-many relationship table to store which user belongs to which role(In a simple scenario).
That's for the database part of the whole concept.
Then, on the code side...since you're providing different tables than the ones in the AspNetMembership you need to also implement a custom membership provider, custom role provider and presumably a custom membership user.
Is there a good example, on how once I validate a user I can add Roles to that user. The roles come from a stored procedure on a mysql db. I need to be able to add multiple roles for a user.
First you need to add new roles to your Roles
Something like
if (!Roles.RoleExists("TestRole"))
{
Roles.CreateRole("TestRole");
}
And then add that role to your user
Roles.AddUserToRole("TestUser", "TestRole");
You have to add role before you can assign it to a user
Do you mean like the Roles.AddUserToRoles Method?
We are building a multi-tenant website in ASP.NET, and we must let each customer configure their own security model. They must be able to define their own roles, and put users in those roles. What is the best way to do this?
There are tons of simple examples of page_load events that have code like:
if (!user.InGroup("Admin")
Response.Redirect("/NoAccess.aspx");
But that hard codes the groups and permissions in the code. How can I make it user configurable?
Perhaps put the configurable roles in a DB table, where you store the roles and tenant, and then the PagePermissions in another table, for example:
Table "Role"
RoleId, TenantId, Role
Table "PagePermissions"
PageId, RoleId
Table "UserRoles"
UserId, RoleId
Then in the page load check whether the User is in a RoleId that has permissions for that page, for example:
Select PageId FROM
UserRoles UR INNER JOIN PagePermissions PP
ON UR.RoleId = PP.RoleID
WHERE UR.Userid = #UserId AND PP.PageID = #PageId
If there are no rows returned then deny the user.
I would create a configuration system for the website that is easily managed in config-files. Where you could get typed members and use like this.
foreach(var group in ThisPageConfiguration.AcceptedRoleNames)
if (user.IsInRole(group))
...
Each customer could then configure their site in their configuration files... And every other type of things you'd want to configure.