Friday, November 30, 2007

ASP.NET 2.0 Security: a role management module in C#

Instead of writing the code to manage roles in the aspnetdb database every time, it is just as easy to put all the logic and code inside a user control. The control has one property, UserName. Once we have the username, we can add that user to one role or to many roles, as well as remove the user from different roles.

With a few screenshots and some code, I hope this article will help you get up to speed with ASP.NET 2.0 role management.

Here's a screenshot of the screen:

[Screenshot: bct-129]

In this case we use numbers for the roles: 1, 2, 3, and Administrator.

1. Code for binding the combobox

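// Needs: using System.Web.Security;
public void BindAllRoles()
{
    // Fill the drop-down with every role defined in the role provider.
    this.DropDownList1.DataSource = Roles.GetAllRoles();
    this.DropDownList1.DataBind();
}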



2. Code for binding the grid: the grid only contains the roles the user is in.

// Needs: using System.Collections.Generic;
// Wrapper class so the grid can bind to a RoleName property.
public class BearCatRoles
{
    private string mRoleName;

    public string RoleName
    {
        get { return mRoleName; }
        set { mRoleName = value; }
    }
}

public void BindRolesForUser()
{
    // Roles the given user currently belongs to.
    string[] roleslist = Roles.GetRolesForUser("the user name goes here");
    BearCatRoles br;
    List<BearCatRoles> lstbr = new List<BearCatRoles>();

    // Wrap each role name in a BearCatRoles object for data binding.
    foreach (string brole in roleslist)
    {
        br = new BearCatRoles();
        br.RoleName = brole;
        lstbr.Add(br);
    }
    this.GridView1.DataSource = lstbr;
    this.GridView1.DataBind();
}




In the code above:

We have a class called BearCatRoles (BearCat is a specific entity, so as not to confuse it with roles). The class is used to bind the grid to a generic list, List<BearCatRoles>.

For the BindRolesForUser() function:
1. We get the list of roles for the specific user.
2. We loop through the array of roles and fill a list of BearCatRoles objects, then bind our grid.
3. What is necessary is to decide where to bring the userName from.

For the button's click event, here's the code:



// Add the user to the selected role only if not already a member.
if (Roles.FindUsersInRole(this.DropDownList1.SelectedItem.Text, "user name goes here").Length == 0)
    Roles.AddUserToRole(this.HiddenField1.Value, this.DropDownList1.SelectedItem.Text);
BindRolesForUser();



For the gridview's delete command, here's the code:




protected void GridView1_RowCommand(object sender, GridViewCommandEventArgs e)
{
    // The Delete link passes the row's role name as its CommandArgument.
    if (e.CommandName == "Delete")
    {
        Roles.RemoveUserFromRole(this.HiddenField1.Value, e.CommandArgument.ToString());
        BindRolesForUser();
    }
}
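
The two handlers above take the user name from HiddenField1, whose value is posted back by the browser and can be changed by the client, and neither handler checks who is making the change. The following is an added example, not the author's code: a helper that checks the caller and the inputs before touching the role provider. The class name RoleChangeGuard, the choice of "Administrator" as the managing role, and a server-set UserName property are assumptions.

```csharp
// Added example, not the article's code. RoleChangeGuard is a hypothetical helper name.
using System;
using System.Security;
using System.Security.Principal;
using System.Web.Security;

public static class RoleChangeGuard
{
    // Assumption: "Administrator" (the role in the article's screenshot) may edit roles.
    public const string AdminRole = "Administrator";

    // Throws unless the caller is an authenticated administrator; returns false
    // for a blank user name or a role the provider does not know.
    private static bool Check(IPrincipal caller, string userName, string role)
    {
        if (caller == null || !caller.Identity.IsAuthenticated || !caller.IsInRole(AdminRole))
            throw new SecurityException("Role changes require the " + AdminRole + " role.");
        if (userName == null || role == null || userName.Trim() == "" || role.Trim() == "")
            return false;
        return Roles.RoleExists(role);
    }

    public static bool Add(IPrincipal caller, string userName, string role)
    {
        if (!Check(caller, userName, role) || Roles.IsUserInRole(userName, role))
            return false;
        Roles.AddUserToRole(userName, role);
        return true;
    }

    public static bool Remove(IPrincipal caller, string userName, string role)
    {
        if (!Check(caller, userName, role) || !Roles.IsUserInRole(userName, role))
            return false;
        // Never remove the last administrator, or nobody can manage roles afterwards.
        bool isAdminRole = string.Equals(role, AdminRole, StringComparison.OrdinalIgnoreCase);
        if (isAdminRole && Roles.GetUsersInRole(AdminRole).Length <= 1)
            return false;
        Roles.RemoveUserFromRole(userName, role);
        return true;
    }
}

// Calls from the control's code-behind (control names from the article's markup):
//   Button1_Click:        RoleChangeGuard.Add(Page.User, UserName, DropDownList1.SelectedValue);
//   GridView1_RowCommand: RoleChangeGuard.Remove(Page.User, UserName, e.CommandArgument.ToString());
// UserName is assumed to be set by the hosting page on the server, not read from HiddenField1.
```

Storing UserName in the control's ViewState rather than in a hidden field keeps it under the ViewState MAC, which is enabled by default in ASP.NET 2.0.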



The most important lines in this module:

if (Roles.FindUsersInRole(this.DropDownList1.SelectedItem.Text, "user name goes here").Length == 0)
    Roles.AddUserToRole(this.HiddenField1.Value, this.DropDownList1.SelectedItem.Text);

Roles.RemoveUserFromRole(this.HiddenField1.Value, e.CommandArgument.ToString());

string[] roleslist = Roles.GetRolesForUser("the user name goes here");

this.DropDownList1.DataSource = Roles.GetAllRoles();



Here's the markup:




<asp:DropDownList ID="DropDownList1" runat="server" Width="226px">
</asp:DropDownList>
<asp:Button ID="Button1" runat="server" OnClick="Button1_Click" Text="Add Role For User" />
<asp:GridView ID="GridView1" runat="server" CellPadding="4" ForeColor="#333333" GridLines="None"
    OnRowCommand="GridView1_RowCommand" OnSelectedIndexChanged="GridView1_SelectedIndexChanged"
    OnRowDeleting="GridView1_RowDeleting">
    <Columns>
        <asp:TemplateField>
            <ItemTemplate>
                <asp:LinkButton ID="LinkButton1" CommandName="Delete" CommandArgument='<%# Eval("RoleName") %>'
                    runat="server">Delete</asp:LinkButton>
            </ItemTemplate>
        </asp:TemplateField>
    </Columns>
    <FooterStyle BackColor="#5D7B9D" Font-Bold="True" ForeColor="White" />
    <RowStyle BackColor="#F7F6F3" ForeColor="#333333" />
    <PagerStyle BackColor="#284775" ForeColor="White" HorizontalAlign="Center" />
    <SelectedRowStyle BackColor="#E2DED6" Font-Bold="True" ForeColor="#333333" />
    <HeaderStyle BackColor="#5D7B9D" Font-Bold="True" ForeColor="White" />
    <EditRowStyle BackColor="#999999" />
    <AlternatingRowStyle BackColor="White" ForeColor="#284775" />
</asp:GridView>



And finally, in web.config, the following needs to be defined for the roles:




<roleManager enabled="true" />



Comments are always welcome

1 comment:

Anonymous said...

Do you have to be an administrator?
I get NO errors, but
Roles.GetAllRoles() returns nothing. I am a developer but not in the administrator group.