Role management with ASP.NET inbuilt controls

Question

I am using the ASP.NET inbuilt login and role management solution (creates table like aspnet_Users etc. and gives access to MembershipUser and the such).

However, at this stage I am a bit stuck with the following:

1) I need to be able to Suspend, Unsuspend and Delete (not necessary remove from table, just disable) users from my app. Is this feature inbuilt?

2) I need to have three different user roles, where one of the roles is always assigned by default. Currently I have built an app with no roles. Is ASP.NET capable of doing this?

Answer 1

1. I don't think that's available by default, but should be fairly easy to add in.
2. Roles are supported in the default implementation. However, you'll have to define and assign the roles yourself.

Answer 2

1. There is a built-in DeleteUser method. It calls a stored procedure named dbo.aspnet_Users_DeleteUser. You can change that stored procedure to suspend a user instead of deleting them.
2. Similarly, there is a built-in CreateUser method which calls a stored procedure named dbo.aspnet_Membership_CreateUser which you could modify. Or, you could use the Roles.AddUserToRole method to set the default role when the user is created, calling it in your CreateUser method (which would first Membership.CreateUser)

Answer 3

ASP.NET Membership has concepts for "Approved" and "Locked out" (after X number of failed log in attempts) for users, you can probably use those features for suspending users. 4guysfromrolla.com had a great article series on Examining ASP.NET's Membership, Roles, and Profile , it's worth a look.