
Custom Membership, Role Providers, Website Administration Tool, Role Based Access to individual files

By Amit Kumar Thakur


Posted: 28 Dec 2007
Updated: 2 Sep 2008

Introduction

I present here a sample custom membership provider and a sample custom role provider. They show how easily we can implement our own custom providers on top of our own simple custom database.

In addition, I provide a complete website administration tool which can edit the website settings. It has facilities to create, edit and manage both users and roles.

Finally, I introduce a different approach to role-based access control: applying it to individual files. The information about the individual aspx files is stored in the "Activities" database. Through the website administration tool we can assign role-based access rights to individual aspx files. (The code is just an example for the point which I want to make. I have tested the providers, but the activities module has not been tested for production yet. I would appreciate feedback and expert advice on it so that I am able to improve it.)

If you want to replace my approach with the default role-based access to directories, try storing the locations of the folders instead, with "/" included at the end. I have written two methods, "allowfolderaccess" and "denyfolderaccess", using the classic System.Web.Configuration approach.

Background

If we want forms-based authentication and role-based authorization in our website, we can use the Membership API and Roles API of the .NET Framework. The fun of this feature is that, if you do not want to create your own classes and database structure and still want strong membership and role management in place, you can use the default providers, which are built in. These default providers create a default database, ASPNETDB, and store the information about users and roles in it.

A much bigger advantage of this feature is that, if you do not want to use the default classes and default database but want your own database structure, you can modify the entire behaviour of your web application according to your needs. The only thing you have to take care of is implementing a defined set of interfaces in your class, so that the API can use it. The Membership API and Roles API each have a defined set of interfaces which you will have to implement: for example, the MembershipProvider interface for the Membership API, the RoleProvider interface for the Roles API, the ProfileProvider for the Profiles API, and so on.

Now, how do you do it? Just create a new class in the App_Code folder, named MyMembershipProvider or any name you like, and declare that it implements MembershipProvider, like this:

public class MyMembershipProvider : MembershipProvider

Then right-click on MembershipProvider and click "Implement Abstract Class". Blank functions are created automatically; the only thing you have to do is fill in the blanks.

The proper steps to use custom membership provider are:

1. Configure forms authentication in your web.config file as usual, and deny access to anonymous users, like this:

<authentication mode="Forms">
  <forms name="code-pro-ject" loginUrl="login.aspx" />
</authentication>
<authorization>
  <deny users="?"></deny>
  <allow roles="Administrator"></allow>
</authorization>


2. Set up the data store. For example, if you are using SQL Server, you have to create the necessary tables and stored procedures in a SQL Server database of your choice. I have created the following tables:


3. In the web.config file, configure the database connection string and the membership provider you want to use, like this:

  <connectionStrings>
    <add name="UsersDb" 
      connectionString="Server=.\SQLExpress;Database=SampleDb;Integrated Security=True;AttachDbFilename=|DataDirectory|UsersDb.mdf;User Instance=True;" 
      providerName="System.Data.SqlClient"/>
  </connectionStrings>

and:

<membership defaultProvider="MyMembershipProvider" userIsOnlineTimeWindow="20">
  <providers>
    <clear/>
    <add name="MyMembershipProvider"
      type="MyMembershipProvider"
      connectionStringName="UsersDb"
      enablePasswordRetrieval="false"
      enablePasswordReset="true"
      requiresUniqueEmail="false"
      requiresQuestionAndAnswer="false"
      passwordStrengthRegularExpression=""
      minRequiredPasswordLength="1"
      minRequiredNonalphanumericCharacters="0"
      passwordFormat="Hashed"
      applicationName="/" />
  </providers>
</membership>

<roleManager enabled="true" defaultProvider="MyRoleProvider">
  <providers>
    <clear/>
    <add name="MyRoleProvider" connectionStringName="UsersDb"
      applicationName="/"
      type="MyRoleProvider" />
  </providers>
</roleManager>


4. Create users in your membership store using the ASP.NET web configuration utility or custom website administration pages which you can make yourself.
5. Create a login page that uses the prebuilt Login control, or create a login page that uses the Membership class for validating the entered credentials and authenticating the user.

Using the code

You can download the code at the end of this article and copy it directly to your machine to check the functionality. You can change the name of the database in the connectionStrings settings of the web.config file.

I have tested the application to be working fine with my activities module included in it. **If you do not want to use the activities module and are only interested in the custom membership provider and custom role provider, you can store only the locations of folders, with "/" included at the end, in the activities database and it should work fine. I have included functions for this (but I have not properly checked them; please bear with me until I test them further, as I am presently working on the activities module).

I have not used any stored procedures in these providers, so you can easily add the fields which I am using to your own tables and change the SQL statements accordingly. This means you can integrate it into your own website with less effort.

**Please take care that the web.config files in the subdirectories of this project do not have xmlns="..." attributes on their configuration elements. This is because I am not very good at namespaces. The first update which I will post will be able to handle this. However, if you only store the folder information, I think it will work fine, because that path does not use my Datamanager class; instead it uses the System.Web.Configuration classes to modify the access rights.

Note:

Please follow the corrections suggested by zemma for Admin/Roles/Default.aspx: Button1_Click, Admin/Roles/Default.aspx: Button2_Click and Admin/Roles/Default.aspx: denyfolderaccess in the reply messages to this article below.

Points of Interest

If you need more information about these topics, you can follow these links:

1. Role-based Security with Forms Authentication
2. Examining ASP.NET 2.0's Membership, Roles, and Profile - Part 1
3. Rolling Your Own Website Administration Tool - Part 1

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

Amit Kumar Thakur

Occupation: Web Developer
Location: India

Editor: Chris Maunder
Copyright 2007 by Amit Kumar Thakur
Everything else Copyright © CodeProject, 1999-2008