MVC4 SimpleMembership Intranet webapp with Custom Roles
I am using SimpleMembership with WebMatrix. Since it's an Intranet webapp, I am using the existing domain users in combination with custom roles and storing them in local webpages_ tables. I am trying to develop classes to manage the users & roles. Perhaps I am going about this the wrong way, but here is what I have and below where I am stuck.

Setting this in global.asa

 WebSecurity.InitializeDatabaseConnection("SqlRoleManagerConnection", "webpages_Users", "UserID", "Username", false);

Setting this in web.config (other sources said to add roleManager=true section but it currently works without it)

<!--<roleManager enabled="true" defaultProvider="SqlRoleManager">
  <providers>
    <clear />
    <add name="SqlRoleManager" type="System.Web.Security.SqlRoleProvider" connectionStringName="SqlRoleManagerConnection" applicationName="YourAppName" />
  </providers>
</roleManager>-->

<httpRuntime targetFramework="4.5" />
<authentication mode="Windows" />
<authorization>
  <allow roles="Managers" />
  <allow users="?" />
</authorization>

Data Access class (used by controllers)

public class Membership
{
    private OFACDB _db = new OFACDB();

    public string UserID { get; set; }
    public string UserName { get; set; }
    public string RoleName { get; set; }
    public string Name { get; set; }
    public const string Domain = "LAN\\";

    public void Delete()
    {
        Roles.RemoveUserFromRole(this.UserName, this.RoleName);
    }

    public void AddMemberToRole()
    {
        if (!Roles.IsUserInRole(Membership.Domain + this.UserName, this.RoleName))
            Roles.AddUserToRole(Membership.Domain + this.UserName, this.RoleName);
    }

    public void AddMember()
    {
        webpages_Users member = new webpages_Users();
        member.Username = Membership.Domain + this.UserName;
        _db.webpages_Users.Add(member);
        _db.SaveChanges();
    }

    public void DelMember(string id)
    {
        webpages_Users member = _db.webpages_Users.Find(id);
        _db.webpages_Users.Remove(member);
        _db.SaveChanges();
    }
}

public class MembershipViewModel : List<Membership>
{
    private OFACDB _db = new OFACDB();
    //public List<webpages_Users> UserView { get; set; }

    public IQueryable<webpages_Users> GetAllRecords()
    {
        var view = _db.webpages_Users
                .OrderBy(v => v.Username);
        return view;
    }

    public void GetAllRoleUsers(string role) //Get application's users
    {
        if (Roles.RoleExists(role))
        {
            foreach (var item in Roles.GetUsersInRole(role))
            {
                var user = new Membership();
                user.UserName = item;
                user.Name = item;
                user.RoleName = role;
                this.Add(user);
            }
        }
    }

    public void GetNetworkUsers() //Get Network Users (AD)
    {
        var domainContext = new PrincipalContext(ContextType.Domain);
        var groupPrincipal = GroupPrincipal.FindByIdentity(domainContext, IdentityType.SamAccountName, "Domain Users");

        foreach (var item in groupPrincipal.Members)
        {
            var user = new Membership();
            user.UserName = item.SamAccountName;
            user.Name = item.Name;
            this.Add(user);
        }
    }
}

And controller controls access by roles

    [Authorize(Roles = "Admins")]
    public ActionResult Index()
    {
        var users = new MembershipViewModel();
        users.GetAllRoleUsers("Managers");
        return View(users);
    }

ADVICE? I use Roles.GetUsersInRole to list out users in a role, but I can't delete them very easily as this call does not return UserIDs and if I use the username to find/delete record, then it is escaped in the URL because the usernames contain the domain\ characters.

/Account/Delete/LAN%5CLAN%5Ctest

Looking for advice on perhaps taking a different approach to these classes if anyone else has done this before. Do I need to use a Membership Provider and Role Provider?

Dudden answered 30/1, 2013 at 18:35 Comment(7)
How do you call the Action /Account/Delete/? - Lineage
@Pabloker from a table of users using @Html.ActionLink("Delete", "Delete", new { id = item.UserName }, new { onclick = " return DeleteConfirm()" }) This is to del user from role, but if I wanted to delete the user completely, I have no id to reference them. I am thinking my overall approach could be designed better, just not sure which direction to go. - Dudden
Remember: with this you are creating roles and then you are assigning users to those roles. You are not creating users. Users exist in AD. If you remove a user from all roles it belongs to... the user won't exist. - Lineage
@Pabloker Understood, but I am adding the AD username to my Users table which is mapped to UsersInRoles and Roles tables. - Dudden
Ok. Why did you do that? You need to store extra user information, don't you? - Lineage
@Pabloker I think we are both missing something. I am storing just the AD username in the users table so my controller can restrict access by roles (see orig post updated with controller code). I don't store anything but the AD username which can be mapped to the Roles. - Dudden
In my application I don't store user's names like you. The role provider stores users, roles, application name, etc. automatically in its own SQL Server database. - Lineage
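The problem raised in the question (Roles.GetUsersInRole returns no UserID, and a DOMAIN\user route value gets escaped) can be avoided by routing on the integer key instead of the name. This is an added example, not code from the question or its answers; it assumes webpages_Users.UserID is an integer primary key and that OFACDB is the question's Entity Framework DbContext, and RoleMemberRow and RemoveFromRole are hypothetical names. The removal is a POST protected by an anti-forgery token rather than a GET link.

```csharp
using System.Linq;
using System.Web.Mvc;
using System.Web.Security;
using WebMatrix.WebData;

// Hypothetical row type for the listing: carries the integer key next to the display name.
public class RoleMemberRow
{
    public int UserId { get; set; }       // webpages_Users.UserID (assumed int key)
    public string UserName { get; set; }  // e.g. LAN\test, used for display only
    public string RoleName { get; set; }
}

[Authorize(Roles = "Admins")]
public class AccountController : Controller
{
    // GET: list the members of a role together with their surrogate keys.
    public ActionResult Index(string role = "Managers")
    {
        var rows = Roles.GetUsersInRole(role)
            .Select(name => new RoleMemberRow
            {
                UserId = WebSecurity.GetUserId(name),  // -1 when the name has no user row
                UserName = name,
                RoleName = role
            })
            .Where(r => r.UserId > 0)
            .ToList();
        return View(rows);
    }

    // POST: id is an integer, so no backslash ever appears in the URL or form value.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult RemoveFromRole(int id, string role)
    {
        using (var db = new OFACDB())  // the question's context, assumed to be a DbContext
        {
            var member = db.webpages_Users.Find(id);
            if (member == null || !Roles.RoleExists(role))
                return HttpNotFound();
            if (Roles.IsUserInRole(member.Username, role))
                Roles.RemoveUserFromRole(member.Username, role);
        }
        return RedirectToAction("Index", new { role });
    }
}
```

The listing view would post each row's UserId from a small form containing @Html.AntiForgeryToken(), in place of the Html.ActionLink GET link.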

We recently worked on a membership implementation that required Roles management and came across a NuGet package called Security Guard.

http://www.mvccentral.net/Story/Details/tools/kahanu/securityguard-nuget-package-for-asp-net-membership

I will note right away that this package was not built to work with the SimpleMembership provider. SMP includes a basic subset of functionality which makes editing user records difficult. However, despite the limitations of SMP we were still able to combine native registrations, OAuth registration and roles management after customizing the functionality.

Hygrostat answered 30/1, 2013 at 21:34 Comment(1)
Thx, I will look into this. But feeling that I might prefer a solution around SimpleMembership since I am using AD and don't need to manage the users other than add/del them in Users table and mapping them to Roles. - Dudden

I wanted to make a comment only but I couldn't because I only have a lowly 44 points rep.

I know this is old but I was looking for the same thing and wanted to add to the comments above between @Vic, who has his own DB, vs. @Pabloker, who uses the built-in DB. I guess ASP.NET has its own script for creating this database, and it is explained in this blog:

cd \Windows\Microsoft.NET\Framework64\v4.0.30319
.\aspnet_regsql -C "Data Source=localhost;Database=ACME.Config;Integrated Security=True;" -A r
Santee answered 2/4, 2015 at 21:56 Comment(0)