ASP.NET: Total control of the ASP.NET membership provider - asp.net

I have an application which uses the built in ASP.NET membership provider. There are two roles (admin and staff). I want admins to be able to see a list of current staff, add or delete staff and reset passwords. So far I've found very little information, but Membership.Provider.GetAllUsers looks promising. Is there any way I could show the list in a GridView?
At minimum, I need to be able to add and delete users through the site.

For an extensive guide on using the Membership and Roleprovider in ASP.NET, see this tutorial: https://web.archive.org/web/20210513220018/http://aspnet.4guysfromrolla.com/articles/120705-1.aspx
Creating users programmatically is explained here: http://msdn.microsoft.com/en-us/library/d8t4h2es.aspx.
But really, MSDN is very complete on this subject. Just read the Introduction into Membership and follow the links. Everything you want is perfectly possible.

I found an excellent tutorial at https://web.archive.org/web/20211020111539/https://aspnet.4guysfromrolla.com/articles/052307-1.aspx which made the whole thing slightly less murky. A nightmare to implement but it's almost working. Thanks for the replies.

If you're using SQL Server, you can use the default SqlMembershipProvider class in System.Web.Security to perform the user management tasks you require. GetAllUsers() returns a string array, so you can databind your GridView to the result from this method to display a list of user names in your grid.

Related

ASP.NET: How do I create a widget/user control that can be used with other solutions?

I am looking to create a widget that can be used with other solutions. The widget is a competition widget that can be placed in different parts of the site.
What is the best way to do this? Should I create a new solution to hold this in?
Create a new class library project (you can have it within your current solution if it suits) and create your server controls in there. You can then reference this library from whatever websites you need.
You need to create a Web Control, not a User Control, if you want o use it in other projects. This question details the different control types, you may find it useful:
What is the difference between UserControl, WebControl, RenderedControl and CompositeControl?
Here is relatively simple tutorial on creating a custom WebControl:
Create ASP.NET Server Controls from Scratch
And here some more advanced example from MSDN:
Developing Custom ASP.NET Server Controls
It depends if you will be using it in other solutions really. If you are, then if might make more sense to create a new widgets solution with each widget in its own user control and compile it into an assembly.
Then you just reference that assembly and use it in your markup.
If your widget is only going to be used in a single solution then I wouldn't bother with the above. Just create a user control in the same solution.
As opposite of some answers, you should create user controls with embedded resources.
It is complex to do it, but once you do you will be able to develop controls like RadControls from Telerik.
If you open up their controls you will see that they are all embedded resources on the Telerik.Web.UI.dll.
Here is an old answer of mine that shows how to load the control and how to handle embedded resources (virtual path provider)
Unless you have a good reason to do so (like creating a generic control as a calendar, grid or something like that) don't go this way, it is dark, complex... But as you can see it might be worth it, Telerik.Web.UI is the live example that this can work out.

Extending ASP.NET Role provider in MVC

I want know if this can be done and if there is somewhere that you can point me in the right direction.
Basically, at the moment, i am using the built in Role Provider for asp.net, on my controller actions, i use a custom attribute filter as described here.
But what i would like to do is extend it even further to do something like this:
Admin - View, Edit, Delete
Manager - View, Edit
So basically, granular permissions. I have searched around on the net, but can't seem to find any way of doing this without writing my own authentication/authorisation providers :(
Any help would be greatly appreciated!!
Cheers,
Nick
There are several ways to tackle this. The easiest (but not necessarily best) way is to have partial views with the navigation elements, view/edit/delete and if statements surrounding each link checking the currebt User's role.
Alternatively, at the other end of the spectrum is something called AzMan (Microsoft's Authorisation Manager) which allows you to create very granular role and task-based authorizations.
AzMan been around for ages but as far as I know it is now incorporated into MS's enterprise library.

How do I customize the Membership database tables created by ASP.NET?

I want to add custom columns to some tables created by ASP.NET.
For example; I need to add two fields such as FirstName and LastName to the aspnet_Membership table.
I can add this directly by editing the table but;
Is this the right thing to do (I mean; extending the table directly) OR should I create a separate table and hold the extra user data, there?
How can I see these custom database fields as properties in code completion? example: membershipuser.FirstName;
thanks.
You would typically use profiles to store user related meta data. This requires only simple configuration and no custom provider implementation.
You should only ever consider custom implementation of the battle tested security related providers when you absolutely must.
here is a link to a fine example of implementing profiles in asp.net.
There is a nice library that provides you with custom membership and profile stuff.
http://altairiswebsecurity.codeplex.com/wikipage?title=Simple%20SQL%20Providers&referringTitle=Home
make a custom membership provider! this will give you the basic idea. just extend the existing asp.net membershipprovider
http://www.davidhayden.com/blog/dave/archive/2007/10/11/CreateCustomMembershipProviderASPNETWebsiteSecurity.aspx
you could also go with the membership provider starter kit if your app is MVC'ish at codeplex
http://mvcmembership.codeplex.com/
I recommend you to create a custom membership provider if your application requires features that go beyond the basics provided by the ASP.NET Membership Provider.

ASP.net feedback form

i want to implement a sort of feedback form/survey form in asp.net which is linked to a database. can any one help on any good tutorials or articles
i want to create a asp.net application which will take questions from a database then display them on the form. once the user has finished the survey the results will be stored into the database.
can any one help me !!
http://www.asp.net/learn is the first place you should go.
There is a wealth of videos, tutorials, and documentation.
Look for the beginner videos.
Edit
They changed their site. I'd start here:
http://www.asp.net/web-forms/
and go here later
http://www.asp.net/mvc/
This can be easily achieved with an ASP.NET MVC application.
Take a look at the ASP.NET MVC Tutorials.

What's the best way to implement different views for a website based on role?

In ASP.NET what's the best way to do the following:
Show certain controls based on your rights?
For a gridview control, how do you show certain columns based on your role?
I'm thinking for number 2, have the data come from a role specific view on the database.
Instead of actually using roles to hide/show certain controls, I would suggest having another layer of permissions for each role and show/hide based on those instead.
That way you can redefine what permissions a role has and won't have to change your code.
Also, this allows you to make new roles in the future and just assign a set of permissions to the role.
As for controls, yes... I would just set the Visible property on the control based on the user.IsInRole("permissionname") value.
For grids I would do the same... set the Visibility of the columns to the IsInRole boolean value.
//Delete Icon Column
gridViewContacts.Columns[0].Visible = user.IsInRole("DeleteAnyContact");
I would make create your permissions in a very granular nature.. such as
ViewAnyContact
ViewOwnContact
EditOwnContact
EditAnyContact
AddAnyContact
DeleteOwnContact
DeleteAnyContact
Etc...
If you're going the role-based route, ASP.NET (since version 2.0) has had a variety of membership controls available which might help in this scenario. Assuming (and this could well be a faulty assumption) that you're using the in-box membership provider, you can actually use the LoginView control to get #1 handled.
The way it works is that the LoginView can use RoleGroups and their associated ContentTemplates to customize the view for the user based on role. This works seamlessly with the in-box membership provider; I believe if you build your own membership provider based on Microsoft's technology it will also work. (I haven't done this latter step.)
Conceivably, you could use it for #2, but it'd wind up with duplicated code and effort, which isn't my personal preference. I think your choice of using role-specific SQL views to drive that table may be better than this option. (There are other options as well, of course, which may be better.)
I will second Elijah Manor's recommendation of using permissions instead of roles. Generally, that's my preference as well. (And I was surprised to discover that the membership provider technology didn't go to that level.) In any permission-centric scenario, though, you will essentially have to roll everything yourself. (I've done this, and while it's very flexible, the code to secure any given page can get hairy.)
EDIT: I apologize; I meant to include a link for the LoginView control. DotNetJunkies has a tutorial on it.

Resources