ansaurus

Question

ASP.NET Role, RolePrivider, ASP.net sql server setup wizard

Answer 1

+1 A:

If you have already wired Authentication and Membership using SQL Server in your site it will be easy for you. Just follow these steps:

Create role store on sql server

   aspnet_regsql -S .\SQLExpress -E -A r

    -S specifies the server, which is (.\SQLExpress) in this example.
    -E specifies to use Windows authentication to connect to SQL Server.
    -A r specifies to add only the role provider feature.

Add connection string for role provider:

<connectionStrings>
  <add name="MyLocalSQLServer"
       connectionString="Initial Catalog=aspnetdb;
      data source=.\sqlexpress;Integrated Security=SSPI;" />
</connectionStrings>

Add role manager:

<system.web>
  <roleManager enabled="true" defaultProvider="MySqlRoleProvider" >
    <providers>
      <clear/>
      <add name="MySqlRoleProvider" connectionStringName="MyLocalSQLServer"
           applicationName="MyAppName"
           type="System.Web.Security.SqlRoleProvider" />
    </providers>
  </roleManager>
</system.web>

Now you can use Role based stuff in your pages (supposing you have already enabled authentication [windows or forms])

Test ASPX:

    All Defined Roles: <asp:Lable id="lblAllRoles" runat="server" /><br/>
    Your Roles: <asp:label id="lblMyRoles" runat="server" /><br/>

Codebehind:

    protected void Page_Load(object sender, EventArgs e)
    {
        //here we are supposing that user is already authenticated

        StringBuilder sb=new StringBuilder();

        //gets roles for currently authenticated user
        var roles = Roles.GetRolesForUser();            

        foreach (var v in roles)
            sb.Append(", " + v);

        lblMyRoles.Text = sb.ToString();
        sb.Remove(0,sb.Length);

        string [] allRoles = Roles.GetAllRoles();
        foreach(var v in allRoles)
           sb.Append(", " + v);

        lblAllRoles.Text = sb.ToString();
    }

Simillarly you can use Role.IsUserInRole("ROLE_NAME") to check if user is assigned particular role.

TheVillageIdiot 2009-09-06 17:45:18

@TheVillageIdiot, can you plz tell me, shoult I check the role by using Role.IsUserInRole("ROLE_NAME") in the page_load event? If yes, then can you tell me any other technique?

JMSA 2009-09-06 19:43:40

Say on your site there is a page that only the users in ADMIN role should access then you can utilize this method **Role.IsUserInRole("ADMIN")** in page_load event. If you don't want to test in **Page_Load** you can move it to **OnPreInit** and if user is not in role redirect to another page. You can also use **User.IsInRole** function also.

TheVillageIdiot 2009-09-06 20:37:20

Then I can drop the roleship info from web.config file. Isn't it?

JMSA 2009-09-06 20:58:42

I mean, can I use any other technique than testing the Role in Page_Load, OnPreinit, etc? Any automated technique?

JMSA 2009-09-06 21:00:14

No you cannot. Then the role provider will not work. If you are going to use your custom classes to query database (aspnetdb) for roles assigned to user and manager roles then you can drop stuff from config file. **Automated** way is to define the roles allowed for different directories and files in web.config like: <location path="admin.aspx"><system.web><authorization><allow roles="admin"/></authorization></system.web></location>

TheVillageIdiot 2009-09-07 03:29:24

Answer 2

A:

You can use the standard Login Usercontrols to authenticate users or do this manually, see http://stackoverflow.com/questions/1372518/asp-net-role-provider-vs-membership-provider/1372562#1372562 for code and explanation.

Mark Redman 2009-09-06 17:48:43

ansaurus

tags:

views:

answers:

ASP.NET Role, RolePrivider, ASP.net sql server setup wizard

related questions