Is there a good example, on how once I validate a user I can add Roles to that user. The roles come from a stored procedure on a mysql db. I need to be able to add multiple roles for a user.
First you need to add new roles to your Roles
Something like
if (!Roles.RoleExists("TestRole"))
{
Roles.CreateRole("TestRole");
}
And then add that role to your user
Roles.AddUserToRole("TestUser", "TestRole");
You have to add role before you can assign it to a user
Do you mean like the Roles.AddUserToRoles Method?
Related
I am developing a MVC4 application with SimpleMembership. I have a table - "userInfo" in which I am storing user's information such as Name, Email, Address, Phone, Role etc. When I register a user, data is stored in this table and webpages_Membership. No data is stored in other Membership tables (OAuthMembership, Roles, UserInRoles).
When I login a user, it is validated using :
if (ModelState.IsValid && WebSecurity.Login(Model.Name, Model.Password, false))
it returns "True" but after this, I need to get the role of the registered user.
In SimpleMembership, does "Roles and UserInRoles" table provide registered user role or can I query the "userInfor" table and get roles from this table.
Please advice
Thanks in Advance
to get all available roles, assuming you have enabled Roles and added at least one..
var roles = (SimpleRoleProvider)Roles.Provider;
var allRoles = roles.GetAllRoles();
to get specific user's roles.
var userRoles = roles.GetRolesForUser("specificusername");
ref MSDN
Simple Membership does not come with any out of the box management pages for Roles. You are on your own to create them, or manage them directly through code/sql/ef etc..
Code examples...
Check for and creation of Admin role:
if (!Roles.RoleExists("Admin"))
Roles.CreateRole("Admin");
Adding user to role on creation:
if (!Roles.GetRolesForUser("specificusername").Contains("Admin"))
Roles.AddUsersToRoles(new[] {"specificusername"}, new[] {"Admin"});
ref adding-security-and-membership
You can user Roles.GetRolesForUser Method after your user logged in
Gets a list of the roles that the currently logged-on user is in.
Or if you want to check whether current user is in specified role you can use Roles.IsUserInRole Method
In my MVC3 application I have ASP.NET Membership roles like - Manager, System Admin and Editor
I am using Windows Authentication for the website and I am adding the users in the Network to the Membership just like in the following example -
http://weblogs.asp.net/scottgu/pages/Recipe_3A00_-Implementing-Role_2D00_Based-Security-with-ASP.NET-2.0-using-Windows-Authentication-and-SQL-Server.aspx
But, my problem is there are people who require multiple permissions. For example
User-John is the Manager of Department-ABC and he can see all the Actions in Department-ABC.
User-John is also Editor in Department-XYZ and he should be able to see all the Actions of an Editor in Department-XYZ;
but NOT the Actions of Manager; because he is not the Manager of Department-XYZ.
User Mathew is the Manager of Department-XYZ and he is an Editor in Department-ABC.
If I use normal role privileges, it will allow User-John to be the Manager of both departments and it is not right.
My solution is to store the DepartmentID, UserID and RoleID in a seperate table in SQL database and allow according to this table.
How can I get the role ID from ASP.NET Membership in C# and also in SQL?
Is it safe to do?
Is there a better solution?
Activity based membership would probably fit here.
In activity based membership your users get access to actions, not to roles.
Typical usage is:
One action = one activity
There are still roles given to users, but they are used to group activities
There is n..n relation between roles and activities
Activity is just a custom action filter that is applied to the action.
Typical example is here (although I don't like this approach, so I made my own implementation).
[Activity(Name="DoSomething")]
public ActionResult DoSomething()
{
...
return View();
}
Membership can be stored in ASP Membership database table, custom table or represented as AD group. Depends whether you implement custom membership provider or you use default implementation.
At the end, there has to be n..n relationship like RoleActivity, where you link the particular role to the activity (like Manager1 to both AddMemberToDepartment and AddComment, and Manager2 to just AddComment). This relation can be classic n..n database relation or 'virtual', where role is in AD and database table relates to it only via group name.
EDIT:
If you use default database role based authorization, table aspnet_Roles will be generated for you. To support activity based membership you will have to add your own activity table manualy, along with additional role-activity relation.
This schema should help you proceed.
aspnet_Roles (autogenerated)
* ApplicationId
* RoleId
* ...(other autogenerated columns)...
aspnet_MyActivity (add manually)
* ActivityId
* ApplicationId
* Name
* Description
aspnet_MyPermission (add manually)
* ApplicationId
* RoleId
* ActivityId
You can fill roles using membership provider.
Then fill manually your activities as your application needs them, say, one activity per action method.
Finally, manually add your activity permissions to roles.
Real world scenario
If your organization is small enough, it may be acceptable to add one role per department and one activity per action/deparment:
role: Dep. mgr. of ABC,
role: Dep. mgr. of XYZ,
activity: createAbcUser,
activity: createXyzUser
Connect them using appropriate permissions and you have your requirement covered.
However, for a large number of departments adding one role per department and giving activity permission for each of them can be a little awkward. In that case you should stick with simple role "Department manager" and simple activity "Create user", and give your manager permission to create user. However, you have to stop manager to create user in a different department - use your hierarchy for that, meaning, check if your user belongs to your manager.
Your action filter will then look like this:
check if any of current users roles has a permission to run that activity
check your hierarchy: does your current user have a permission to work on referenced user?
If both of these are true, action method can be executed.
NOTE: You will probably reference user by some input parameter, so your action filter has to access that parameter. See Getting the values of action parameters within an action filter to solve that.
I'm using FOSUserBundle and set up a User / Group environment.
I can give Roles to Groups and Users.
Basically I give the Roles to the Group.
Now, I want to revoke some Users in a Group a Role that is inherited from the Group.
Every time I unselect it in the UserAdminView ( SonataUserBundle ) it is rechecked again ( for sure, because it gets it from the Group)
Any Idea how to achieve that?
I thought about a extra field in the Usertable where all Roles that should be Revoked are listed.
Is there an easier opportunity?
What you're asking for is beyond the scope of FOSUserBundle, as far as I know. No matter what, when a user logs in, it's going to load all of the roles assigned to a specific user, and all of the roles in the groups a user is assigned to.
You may try to create a custom field under the User entity called 'denied_roles' or something of that nature. Then create a custom login listener (listening to 'security.interactive_login') that removes the 'denied_roles'.
I would like to know the number of users logged for each role into my ASP.NET application
i have an (Admin) role and the (rest) role
i want to know the Number Of Users Online for each one not the entire application what this method did :
Membership.GetNumberOfUsersOnline()
You will need to enumerate the users yourself. If you make use of
Membership.GetAllUsers()
you get a collection of all available users. Then you can loop through each user and check the IsOnline property to see if the user is online. To determine the roles of the user, you can make use of the methods in the Roles class.
For example, if you have two roles admin and rest, and you would like to display how many users are online in each role, you could do something like this:
var adminCount = 0, restCount = 0;
foreach ( var user in Membership.GetAllUsers().Where(u => u.IsOnline) )
if (Roles.IsUserInRole(user.UserName, "admin"))
adminCount++;
else if (Roles.IsUserInRole(user.UserName, "rest"))
restCount++;
// do something with adminCount and restCount
If you have more complicated role structure, or many roles, you could use a map to store the count per role. The logic is up to you what you want to accomplish, this should provide all the pieces necessary to express your custom counting logic.
in my Project i need to define 3 roles :
SuperAdmin
Admin
RegisteredMembers
I also have Table which named "Users" that stores information such as:
fristName
lastName
Birthday
Username
Password
.
.
.
and etc
How can i make Roles recognize which user is for which Role when users try to log on to website?
First of all you creating a Users table is just the first step. You also need a Role table and a UserRole many-to-many relationship table to store which user belongs to which role(In a simple scenario).
That's for the database part of the whole concept.
Then, on the code side...since you're providing different tables than the ones in the AspNetMembership you need to also implement a custom membership provider, custom role provider and presumably a custom membership user.