Click here to Skip to main content
14,422,431 members
Rate this:
Please Sign up or sign in to vote.
Trying to grasp how I should use MVC 4 (VS 2013) with Forms Auth. Heres the steps i took

1. Create a new project ASP .Net MVC 4 > Internet Application (A default ASP.NET MVC 4 project with an account controller that uses forms authentication.).

2. Run app and all runs. I create a user using the public accessible /Account/Register link

3. The code that ran has created 4 tables. webpages_Membership, webpages_OAuthMembership, webpages_Roles, webpages_UsersInRoles. I see my username listed in 1 table and related info in another. Nothing in Roles.

I would like to add a role and restrict the register link to one group. If a user arrives to register page and is not part of the group they receive an error.

I tried adding [Authorize(Roles="Admin")] to one of the methods found under the automatic class generated AccountController but this did not resolve the issue.

I was then considering adding the role manually but i dont know if thats the correct way or if i need to change the web.config file (this seems to be recommended for webforms but couldnt find anything to suggest it's ok for MVC).

Can anyone guide me to add a role and associate it with a user? I have created this base project to expand on so going further i would make similar changes.

What I have tried:

I tried adding [Authorize(Roles="Admin")] to one of the methods found under the automatic class generated AccountController but this did not resolve the issue.

I was then considering adding the role manually but i dont know if thats the correct way or if i need to change the web.config file (this seems to be recommended for webforms but couldnt find anything to suggest it's ok for MVC).
Posted
Updated yesterday
Comments
Richard Deeming 4 days ago
   
If the "register" page is for new, unregistered users to create an account, then how would you restrict it to users in a particular role? The user isn't authenticated yet, so they can't be a member of any roles.

What are you using to manage the membership? There have been several different authentication/authorization systems released by Microsoft over the years, and the answer to your question will be different for each one.

1 solution

Rate this:
Please Sign up or sign in to vote.

Solution 1

I Assume you want to give option of registration to some particular role, so here are the steps you need to follow

First create a role, then Assign the role to those users you want to allow and Last you need to put Authorization on all those actions.

For creating a role you can use Role Manager,
// Create object of role manager
var roleManager = new RoleManager<IdentityRole>(new RoleStore<IdentityRole>(new YourDataContext()));

// Create Role in the system
var role = new IdentityRole(){Name="Admin"};
var result = await roleManager.CreateAsync(role);
if (result.Succeeded)
{

}

//Crate object of user manager
var userManager = new UserManager<AppUser>(new UserStore<AppUser>(new YourDataContext()))


// Find User by email
var user = await userManager.FindByEmailAsync(model.Email);

// Assign roles to user
await userManager.AddToRolesAsync(user.Id, model.Roles.ToArray()); // Roles will have role names e.g. "Admin", "Approver" etc


[Authorize(Roles = "Admin")]
public ActionResult Register()
{
}
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month



CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100