

Manage Roles in your Web site using ASP .NET 2.0

Written by omerkamal on Jul 03, 2007
How to work with ASP .NET 2.0 Users Role Management?

What are Roles?

Every employee of a company has their own responsibilities and duties. These define the scope of the job and of the work-related activities. They also limit the employee's access to the company's confidential data, which is often called a "business secret". For example, an HR Manager and an Accounts Assistant each have their own kind of work.

In the same way, in web development we have to decide which member can access which area of the website. There could be roles such as Users, Forum Moderators, Managers and an Admin.

How to create a Role?

1st method:

If your website is not yet launched, that is, it is still under construction on your local PC, you can use the ASP .NET Configuration Tool.

Go to Project menu > ASP .NET Configuration

It will open a new page for you. This is called the ASP .NET Web Site Administration Tool. Click "Security", then enable roles if they are not yet enabled or you are using the tool for the first time.

Now click the "Create or Manage roles" link. This will open a new page for you. Here, name your new role, say "Members", and click the "Add Role" button.

Now you have the "Members" role, and you have to decide which folder should be accessible only to Members.

Click the "Security" tab again. This will bring you back to the main security page.

Now click "Create access rules". This will open a new page.

Here, under the "Select a directory for this rule" column, select your folder. Say you have a folder named "Users".

Make sure that your role "Members" is selected under the "Rule applies to" column, select the "Allow" radio button under the "Permission" column, and click the "OK" button to apply your changes.

 

2nd Method:

Your website is already launched, you have created some roles and have some registered users, or you just want to build a roles management tool for later use. In both cases this method suits you.

You have to create a roles management page where you can create and delete roles. So let's do it step by step.

1. Create a project and name it “RolesManagementTool”.

2. Run the website once. This will create the Web.config file for you if it was not created already. Click the OK button when the environment asks about enabling debugging in Web.config.

3. Go to Project menu > ASP .NET Configuration and run the tool once so that it creates the default user management database “ASPNETDB.MDF” for you.

4. This is a demo project, so we won't create a master page or any CSS files. We go straight to creating a folder for the web admin; call it “Admin”.

5. Add a new page to the Admin folder and call it “RolesManager.aspx”. Also select the checkbox “Place code in separate file”.

6. Add the following markup to the page:

 

<center style="margin-top:50px">
    <h3>Roles Management</h3>
    <br />
    <asp:Label ID="Msg" ForeColor="maroon" runat="server" />
    <table cellpadding="10" cellspacing="10" border="1" rules="all">
        <tr>
            <td>
                <table cellpadding="3" cellspacing="1" rules="none" align="center" border="1" style="border-style: solid">
                    <tr>
                        <td colspan="2">
                            <h3>Create a new Role</h3>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <asp:TextBox ID="TextBoxCreateRole" runat="server" Width="137px"></asp:TextBox>
                        </td>
                        <td>
                            <asp:Button ID="ButtonCreateRole" runat="server" Text="Create Role" OnClick="ButtonCreateRole_Click" />
                        </td>
                    </tr>
                </table>
            </td>
        </tr>
        <tr>
            <td>
                <table height="70px" cellpadding="3" style="border-style: solid" cellspacing="1"
                    border="1" rules="none" align="center">
                    <tr>
                        <td colspan="2">
                            <h3>Delete the selected Role</h3>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <asp:DropDownList ID="DropDownListRoles" runat="server" Width="137px">
                            </asp:DropDownList>
                        </td>
                        <td>
                            <asp:Button ID="ButtonDeleteRole" runat="server" Text="Delete Role" OnClick="ButtonDeleteRole_Click" />
                        </td>
                    </tr>
                </table>
            </td>
        </tr>
    </table>
</center>

 

7. Now add the following code to the page's code-behind.

    protected void Page_Load(object sender, EventArgs e)
    {
        string[] rolesArray;
        Msg.Text = "";

        if (!IsPostBack)
        {
            // Bind roles to the drop-down list.
            rolesArray = Roles.GetAllRoles();
            DropDownListRoles.DataSource = rolesArray;
            DropDownListRoles.DataBind();
        }
    }

    protected void ButtonDeleteRole_Click(object sender, EventArgs e)
    {
        string str = DropDownListRoles.SelectedValue;
        if (!(str == "Administrators"))
        {
            // Note: Roles.DeleteRole throws if the role still has members.
            Roles.DeleteRole(str);
            // Reload the page so the drop-down list reflects the change.
            Response.Redirect(Request.FilePath, false);
        }
        else
            Msg.Text = "'Administrators' Role can not be deleted";
    }

    protected void ButtonCreateRole_Click(object sender, EventArgs e)
    {
        Roles.CreateRole(TextBoxCreateRole.Text);
        // Reload the page so the drop-down list shows the new role.
        Response.Redirect(Request.FilePath, false);
    }

 

8. Create a new page “ManageUsers.aspx” and add the following markup to the page.

 

 

<center style="margin-top: 50px">
    <h3>Users Management</h3>
    <br />
    <asp:Label ID="Msg" ForeColor="maroon" runat="server" />
    <table cellpadding="10" cellspacing="10" border="1" rules="all">
        <tr>
            <td>
                <table cellpadding="3" cellspacing="1" rules="none" align="center" border="1" style="border-style: solid">
                    <tr>
                        <td colspan="3">
                            <h3>Add User to The Selected Role</h3>
                        </td>
                    </tr>
                    <tr>
                        <td>Users:</td>
                        <td colspan="2" align="left">
                            <asp:DropDownList ID="UserDropDownList" runat="server" />
                        </td>
                    </tr>
                    <tr>
                        <td>Roles:</td>
                        <td align="left">
                            <asp:DropDownList ID="RolesDropDownList" runat="server" />
                        </td>
                        <td>
                            <asp:Button Text="Add to the Role" ID="Button2" runat="server" OnClick="AddUsers_OnClick" /></td>
                    </tr>
                </table>
            </td>
        </tr>
        <tr>
            <td>
                <table cellpadding="3" cellspacing="1" border="1" align="center" style="border-style: solid"
                    rules="none">
                    <tr>
                        <td colspan="2">
                            <h3>Show Users in the selected Role</h3>
                        </td>
                    </tr>
                    <tr>
                        <td valign="middle" height="50px">
                            <asp:Button Text="List Users In Role" ID="Button1" runat="server" OnClick="ListUsers_OnClick" />
                            <asp:DropDownList ID="RolesDropDownList2" runat="server" />
                        </td>
                    </tr>
                    <tr align="center">
                        <td valign="middle">
                            Users In Role:<br />
                            <asp:GridView runat="server" CellPadding="4" ID="UsersInRoleGrid" AutoGenerateColumns="false"
                                GridLines="None" CellSpacing="0" AllowPaging="true" AllowSorting="True" PageSize="25"
                                OnRowCommand="UsersInRoleGrid_RemoveFromRole">
                                <HeaderStyle BackColor="navy" ForeColor="white" />
                                <Columns>
                                    <asp:TemplateField HeaderText="User Name">
                                        <ItemTemplate>
                                            <%# Container.DataItem.ToString() %>
                                        </ItemTemplate>
                                    </asp:TemplateField>
                                    <asp:ButtonField Text="Remove From Role" ButtonType="Link" />
                                </Columns>
                            </asp:GridView>
                        </td>
                    </tr>
                </table>
            </td>
        </tr>
    </table>
</center>

 

9. Add the following code to the page's code-behind.

    protected void Page_Load(object sender, EventArgs e)
    {
        string[] rolesArray;
        MembershipUserCollection users;
        Msg.Text = "";

        if (!IsPostBack)
        {
            // Bind roles to both role drop-down lists.
            rolesArray = Roles.GetAllRoles();
            RolesDropDownList.DataSource = rolesArray;
            RolesDropDownList.DataBind();

            RolesDropDownList2.DataSource = rolesArray;
            RolesDropDownList2.DataBind();

            // Bind users to the user drop-down list.
            users = Membership.GetAllUsers();
            UserDropDownList.DataSource = users;
            UserDropDownList.DataBind();
        }
    }

    public void AddUsers_OnClick(object sender, EventArgs args)
    {
        string[] newusers =
            new string[1] { UserDropDownList.SelectedValue };

        // Add the user to the selected role.
        try
        {
            Roles.AddUsersToRole(newusers, RolesDropDownList.SelectedItem.Value);
            // Label.Text is rendered as raw HTML, so encode user and role names.
            Msg.Text = "User: \"" + HttpUtility.HtmlEncode(newusers[0]) + "\" is added to the Role: \"" +
                       HttpUtility.HtmlEncode(RolesDropDownList.SelectedItem.Value) + "\"";
        }
        catch (Exception e)
        {
            Msg.Text = HttpUtility.HtmlEncode(e.Message);
        }
        // No Response.Redirect here: a redirect would discard the message set above.
    }

    public void UsersInRoleGrid_RemoveFromRole(object sender, GridViewCommandEventArgs args)
    {
        // Get the selected user name to remove.
        int index = Convert.ToInt32(args.CommandArgument);
        string username = ((DataBoundLiteralControl)UsersInRoleGrid.Rows[index].Cells[0].Controls[0]).Text;

        // Remove the user from the selected role.
        try
        {
            Roles.RemoveUserFromRole(username, RolesDropDownList2.SelectedItem.Value);
            Msg.Text = "User: \"" + HttpUtility.HtmlEncode(username) + "\" is removed from the Role: \"" +
                       HttpUtility.HtmlEncode(RolesDropDownList2.SelectedItem.Value) + "\"";
        }
        catch (Exception e)
        {
            Msg.Text = "An exception of type " + e.GetType().ToString() +
                       " was encountered removing the user from the role.";
        }

        string[] usersInRole;
        // Re-bind users in role to GridView.
        usersInRole = Roles.GetUsersInRole(RolesDropDownList2.SelectedItem.Value);
        UsersInRoleGrid.DataSource = usersInRole;
        UsersInRoleGrid.DataBind();
    }

    public void ListUsers_OnClick(object sender, EventArgs e)
    {
        string[] usersInRole;
        if (RolesDropDownList2.SelectedItem != null)
        {
            usersInRole = Roles.GetUsersInRole(RolesDropDownList2.SelectedItem.Value);
            UsersInRoleGrid.DataSource = usersInRole;
            UsersInRoleGrid.DataBind();
        }
    }

 

10. Also add Login and Registration pages to the project. Use the Login and CreateUserWizard controls for that (the code can be viewed in the attached demo project).

11. Make some changes in Web.config: add these lines inside the <system.web> </system.web> element.

    <roleManager enabled="true" />
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" protection="Validation" timeout="30"/>
    </authentication>
    <authorization>
      <allow users="*"/>
    </authorization>

 

12. Add a restriction to the Admin folder: add these lines just below the closing </system.web> tag:

  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Admin"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
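A self-check for the configuration from steps 11 and 12, as an added example that is not part of the original article or its download: it asks ASP.NET's URL authorization whether anonymous, non-admin and admin principals may open the admin page, and reports forms-ticket protection weaker than All (protection="Validation" signs the cookie but does not encrypt it). The class name AdminAccessCheck, the probe user names and the "Members" probe role are assumptions; the page path and the "Admin" role come from steps 5 and 12.

```csharp
using System.Collections.Generic;
using System.Security.Principal;
using System.Web.Configuration;
using System.Web.Security;

// Added example (hypothetical helper): call AdminAccessCheck.Run() from a test page.
public static class AdminAccessCheck
{
    // Assumptions: page path from step 5, role name from the <location> rule in step 12.
    const string AdminPage = "~/Admin/RolesManager.aspx";
    const string AdminRole = "Admin";

    static IPrincipal Probe(string name, params string[] roles)
    {
        // An empty name yields an identity with IsAuthenticated == false (anonymous).
        return new GenericPrincipal(new GenericIdentity(name), roles);
    }

    static bool CanGet(IPrincipal user)
    {
        // Evaluates the merged <authorization> rules that apply to AdminPage.
        return UrlAuthorizationModule.CheckUrlAccessForPrincipal(AdminPage, user, "GET");
    }

    public static List<string> Run()
    {
        List<string> problems = new List<string>();

        if (CanGet(Probe("")))
            problems.Add("Anonymous visitors can open " + AdminPage);
        if (CanGet(Probe("probe-user", "Members")))
            problems.Add("A user without the '" + AdminRole + "' role can open " + AdminPage);
        if (!CanGet(Probe("probe-admin", AdminRole)))
            problems.Add("The '" + AdminRole + "' role is denied; check the <location> rule order");
        if (!Roles.RoleExists(AdminRole))
            problems.Add("Role '" + AdminRole + "' does not exist, so nobody can reach the folder");

        AuthenticationSection auth = (AuthenticationSection)
            WebConfigurationManager.GetSection("system.web/authentication");
        if (auth.Mode == AuthenticationMode.Forms &&
            auth.Forms.Protection != FormsProtectionEnum.All)
            problems.Add("Forms ticket protection is " + auth.Forms.Protection +
                         "; only 'All' both signs and encrypts the cookie");

        return problems;
    }
}
```

Run() returns an empty list when the folder is restricted as intended; with the Web.config from step 11 it reports the Validation setting.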

 

Download the code for more explanation: RolesManagementTool.rar
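The RolesManager.aspx handlers from step 7 pass the text box and drop-down values straight to Roles.CreateRole and Roles.DeleteRole, which throw on empty, duplicate or still-populated roles. The following added example (not the article's or the download's code) validates the input first; the class name Admin_RolesManager and the role-name pattern are assumptions.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.Security;

// Added example. Assumption: the class name matches the page's Inherits attribute.
public partial class Admin_RolesManager : System.Web.UI.Page
{
    const string ProtectedRole = "Administrators";   // same role the article protects
    // Assumption: acceptable role names are 1-64 letters, digits, spaces, '_' or '-'.
    static readonly Regex ValidName = new Regex(@"^[A-Za-z0-9 _-]{1,64}$");

    protected void Page_Load(object sender, EventArgs e)
    {
        Msg.Text = "";
        if (!IsPostBack) BindRoles();
    }

    void BindRoles()
    {
        DropDownListRoles.DataSource = Roles.GetAllRoles();
        DropDownListRoles.DataBind();
    }

    protected void ButtonCreateRole_Click(object sender, EventArgs e)
    {
        string name = TextBoxCreateRole.Text.Trim();
        if (!ValidName.IsMatch(name))
            Msg.Text = "Role names may contain letters, digits, spaces, '_' and '-' only.";
        else if (Roles.RoleExists(name))
            Msg.Text = "Role '" + HttpUtility.HtmlEncode(name) + "' already exists.";
        else
            Roles.CreateRole(name);
        BindRoles();   // refresh the list without a redirect, so Msg stays visible
    }

    protected void ButtonDeleteRole_Click(object sender, EventArgs e)
    {
        string name = DropDownListRoles.SelectedValue;
        if (string.Equals(name, ProtectedRole, StringComparison.OrdinalIgnoreCase))
            Msg.Text = "'" + ProtectedRole + "' role cannot be deleted.";
        else if (name.Length == 0 || !Roles.RoleExists(name))
            Msg.Text = "That role no longer exists.";
        else if (Roles.GetUsersInRole(name).Length > 0)
            Msg.Text = "Remove all users from the role before deleting it.";
        else
            Roles.DeleteRole(name);
        BindRoles();
    }
}
```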

Visitors/Readers Comments



Senthrax
Looking very good, very helpful and clearly explained. I'll be working on this tomorrow

Greetings

03/07/2007 15:33:05 UTC

Vipin
It helped me very much, thank you...

07/09/2007 02:37:35 UTC

lastdonuk
Hi, this is excellent, thanks for the clear instructions and layout. It's a shame that I had to search so hard for this. There are a million pages on the microsoft site but they ALL assume that you've been using .NET for years and don't explain themselves simply! This is great, thanks...very helpful.

07/11/2007 08:07:44 UTC

George
Good day,
Thank you so much for these codes. They have been very useful, but
please, how do I enable a user assigned to two roles to view only a particular menu assigned to a role when he logs in?
It's very urgent.
Thank you for your quick response.

13/06/2008 08:29:10 UTC

Dreamz
Hope you are a well-experienced person. You have explained it in a way that an unknown programmer can understand. Thanks so much for your valuable explanation.

07/07/2008 06:32:32 UTC



