How to control user role selection in asp.net - asp.net

I am working on asp.net for my website. My site has two types of roles, admin and user. I saw on the asp.net development site that the create new user wizard has a selection for roles like admin and user, but a crazy user may select the admin role though he is a normal user, so how could I control the user role selection?

In my opinion you should not rely on the wizard which ships with asp.net.
You should have your own control over creating users.
I would start by looking at the Membership API to see how to access it from source code, how to add roles and how to authenticate... this is basically how the wizard magic works...
http://www.asp.net/web-forms/videos/authentication
http://www.4guysfromrolla.com/articles/120705-1.aspx
http://msdn.microsoft.com/en-us/library/ff648345.aspx
HTH
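One way to take role choice away from the registering user with the Membership and Roles APIs, as an added example (not code from the question or the answer): registration always assigns a fixed default role on the server, and only an existing admin can grant the admin role. The page, control and role names are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

// Hypothetical code-behind for Register.aspx. The control fields are declared
// by hand so the file stands alone; a designer file normally supplies them.
public class Register : Page
{
    private const string DefaultRole = "user";   // assumed role name

    protected CreateUserWizard RegisterWizard;   // OnCreatedUser points at the handler below

    protected void RegisterWizard_CreatedUser(object sender, EventArgs e)
    {
        // The role is a server-side constant: no drop-down, hidden field or
        // query-string value from the browser is consulted.
        if (!Roles.RoleExists(DefaultRole))
            Roles.CreateRole(DefaultRole);
        Roles.AddUserToRole(RegisterWizard.UserName, DefaultRole);
    }
}

// Hypothetical code-behind for Admin/ManageRoles.aspx: the only place a
// role other than the default is ever granted.
public class ManageRoles : Page
{
    private const string AdminRole = "admin";    // assumed role name

    protected TextBox UserNameBox;
    protected Label StatusLabel;

    protected void PromoteButton_Click(object sender, EventArgs e)
    {
        // Re-check the caller on every postback, not only when the page is shown.
        if (!User.Identity.IsAuthenticated || !User.IsInRole(AdminRole))
            throw new HttpException(403, "Forbidden");

        string target = UserNameBox.Text.Trim();
        if (target.Length == 0 || Membership.GetUser(target) == null)
        {
            StatusLabel.Text = "Unknown user.";
            return;
        }
        if (!Roles.IsUserInRole(target, AdminRole))   // AddUserToRole throws on duplicates
            Roles.AddUserToRole(target, AdminRole);
        StatusLabel.Text = "Role granted.";
    }
}
```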

Related

make pages with capabilities given to users based on DB

I'm new to asp.net and trying to figure out how to go about displaying different capabilities to individual users based on what is allowed to them by checking the database.
A good example I think would be like a forum where the admin can turn on and off different capabilities the user can perform, e.g. editing old posts, viewing old posts, printing posts.
In my database I would have users matched with roles and capabilities.
What would be the best way to "generate" pages customized to each user, where they can see the option to "edit a post" if they had that capability, and not see it if they didn't?
You can use .NET Membership:
ASP.NET membership gives you a built-in way to validate and store user credentials. ASP.NET membership therefore helps you manage user authentication in your Web sites. You can use ASP.NET membership with ASP.NET forms authentication by using the ASP.NET login controls to create a complete system for authenticating users.
http://msdn.microsoft.com/en-GB/library/yh26yfzy(v=vs.100).aspx
You can then show/hide buttons such as "edit a post" by checking if the current user is in the correct role:
http://msdn.microsoft.com/en-us/library/4z6b5d42.aspx
e.g.
ButtonEditPost.Visible = Roles.IsUserInRole("Admin");

Access level user For Buttons in the forms

I want to set user access levels for buttons in forms. For example, in each form I have Add, Edit, Search and Delete buttons, and I want user1 to have access to the delete and update buttons in form 1 and user 2 to have access to all buttons in each form.
I created a table to save form names, another table to save user profiles, and a table to save user access to forms and buttons. But I do not know how to apply these settings in the form.
Should each form read the data from the database when it loads and apply the settings? Or can I write a general function that automatically does this for every form?
Thanks all.
The following link was of great help when I encountered the same problem (it is for asp.net 2.0 but applies to the newer versions):
Recipe: Implementing Role-Based Security with ASP.NET 2.0 using Windows Authentication and SQL Server
So, in a few words, you need to set up the Roles and then use them to enable access to users according to their roles. Enabling and disabling buttons in a form can happen in the code-behind, utilizing the Roles.
For example you can use this piece of code if you have set up a role called Administrators:
If User.IsInRole("Administrators") Then
    'Do something only admins are allowed to do
End If
I hope that this is helpful.
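A general function of the kind asked for above, as an added example in C# (not code from either answer). It covers both the `ButtonEditPost.Visible` check in the earlier thread and the `User.IsInRole` check in this one: a base page records the role each button needs, uses it to show or hide the button, and checks it again inside the click handler so the permission does not depend on what was rendered. Class, control and role names are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

// Base page: one place that decides both visibility and permission.
public abstract class SecuredPage : Page
{
    private readonly Dictionary<string, string> _requiredRole =
        new Dictionary<string, string>(StringComparer.Ordinal);

    // Call from Page_Load for every protected button, on postbacks too.
    protected void Protect(Button button, string role)
    {
        _requiredRole[button.ID] = role;
        button.Visible = User.IsInRole(role);   // presentation only
    }

    // Call first in every click handler. Fails closed: a button that was
    // never registered with Protect is refused for everyone.
    protected void Demand(object sender)
    {
        Button button = sender as Button;
        string role;
        if (button == null
            || !_requiredRole.TryGetValue(button.ID, out role)
            || !User.Identity.IsAuthenticated
            || !User.IsInRole(role))
        {
            throw new HttpException(403, "Forbidden");
        }
    }
}

// Hypothetical form using it; a designer file normally declares the controls.
public class PostForm : SecuredPage
{
    protected Button ButtonEditPost;
    protected Button ButtonDeletePost;

    protected void Page_Load(object sender, EventArgs e)
    {
        Protect(ButtonEditPost, "Admin");
        Protect(ButtonDeletePost, "Administrators");
    }

    protected void ButtonDeletePost_Click(object sender, EventArgs e)
    {
        Demand(sender);
        // ... delete the post here ...
    }
}
```

The role names passed to `Protect` could equally be loaded from the access tables described in the question; the lookup is left out here.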

Asp.net mvc user management

In the asp.net mvc default application you get the account controller, which enables user registration, log in, log out and changing password.
I was wondering, is it possible to implement a little more, like enabling an administrator to delete some user or give some user different roles, like in asp.net configuration where you create users and roles and assign roles to users?
I already figured out and extend profile for users, so now they have much more infos and profile picture.
If you have any experience or examples of user management in asp.net mvc.
Although a bit outdated, this project maybe can give you a few hints on how to implement membership administration in ASP.NET MVC:
Asp.Net MVC Membership Starter Kit
Quote
What is the Asp.Net MVC Membership Starter Kit?
The starter kit currently consists of two things:
A sample website containing the controllers, models, and views needed to administer users & roles.
A library that provides testable interfaces for administering users & roles and concrete implementations of those interfaces that wrap the built-in Asp.Net Membership & Roles providers.
Out of the box, the starter kit gives you the following features:
List of Users
List of Roles
User Account Info
Change Email Address
Change a User's Roles
Update
For restricting certain operations to specific user roles, you can create these roles using the project I mentioned earlier, and then decorate your own application's controllers and/or actions with an Authorize attribute, referencing the desired roles:
[Authorize(Roles = "Administrator, HR")]
public ActionResult DeleteUser(int UserId)
{
    // do something
}
This would prevent users that are not Administrator or HR from deleting users.
Here is my try for a reusable user & role management:
https://github.com/Epstone/Simple-MVC-User-Management
If I were you I'd create an Admin "module" which handles all of these things. I don't know of any asp.net documentation on this, but if you look around on PHP documentation (Zend Framework, CakePHP or other) you get the basic ideas of the structures you should use to achieve this. Just remember to keep things separated: admin stuff goes into an admin module, not a user module (but maybe a user controller inside an admin module).
I answered a similar question here:
User Management in ASP.Net MVC 3
This provides you with an MVC 3 Razor based User Management Tool. This does not include Roles, but if you get this far, it should not be real difficult to add them.

UI page for editing and maintaining Profile settings for a User

In asp.net Webforms apps, is there not any kind of maintenance UI page to edit and maintain the Profile properties of a User (I'm using VS2008 and the Web Application template), like in the WSAT Web Site Administration Tool where you already can edit the basic Membership and Role properties for a User? I'm using the basic SQL Express data tables and the basic Membership and Role providers, and now I want to begin using the Profile provider to store and access additional properties for each User I create an account for. For instance, when I create a new User and assign them to a Role(s) on my web app, I use the WSAT tool, and now I also need to set certain Profile properties for them too. Is the only way to set these properties programmatically? Surely there is an Administrative type of UI page for this so you can quickly view and edit Profile properties for a User.
Roles and Membership conform to a standard schema that you can easily create a static form for editing. Profile details are dynamic based on your configuration settings - and building dynamic forms can be a bit tricky.
On top of that, the default Profile provider stores all the profile information in one concatenated field, so you'd end up with a list of comma-separated values if they went for a really basic form.

Asp.Net Roles without Roles Provider not working?

Hello,
I have created a web site with Asp.Net using the Sql Membership Provider, a sitemap and security trimming enabled.
Based on these I have placed web.config files into directories to allow or deny users access according to their roles.
After some time I removed the MembershipProvider and created by hand the "standard" login procedure, which creates a ticket and an authentication cookie and sets the GenericPrincipal in Application_AuthenticateRequest.
The problem after these changes is that although the sitemap displays the right pages for each different user according to his roles, when I click on such a page the system redirects me to the "default.aspx" page, as if the user is not allowed to enter that page!
It is strange that the sitemap and security trimming are working BUT I actually cannot enter the pages!
You can add users and roles with IIS management tool. This way you can avoid any typing error.
