RTUR.NET

.NET and Open Source: better together

NAVIGATION - SEARCH

Quick and dirty role management in ASP.NET MVC

Rl-0Wrapper around standard Membership provider that ships with ASP.NET MVC 1.0 out of the box fit well common scenario for social websites with self-registration and all users treated equal. When you have more complex requirements, in portal-like style application, you are very much out of luck. Account controller that comes with MVC 1.0 has very limited user management implementation and does not go into role management at all. It would be nice to have role management implemented the same way as account management, but if you need to roll right away I’ll show you quick and dirty way of doing basic user/role management with what we have now.

First, create new ASP.NET MVC project, I resourcefully call mine “MyPortal”, accepting all defaults. Then go to site configuration manager and create “Admin” user and two roles, “Users” and “Admins”. Assign Admin role of Admins. If you have issues using configuration manager, here is good tutorial.

With this basic setup taken care of, let’s take a look around to see what we got already. Along with two default views (home and about) we got log in and register screens to handle users.

Rl-1 Rl-2

What missing is ability to assign users to the roles. I’m ok with creating and deploying set of roles to the server using configuration manager, but handle each user this way is annoying at best. What I need is to be able to select role while creating new user. For the roles, I’ll add drop down box to the Register view:

<p>
  <label for="roleName">Select Role:</label>
  <%= Html.DropDownList("roleName") %>
  <%= Html.ValidationMessage("roleName") %>
</p>

I’ll populate it in the AccountController, also setting Authorize attribute to only Admin access:

[Authorize(Roles = "Admins")]
public ActionResult Register()
{
  ViewData["roleName"] = new SelectList(Roles.GetAllRoles(), "roleName");
  ViewData["PasswordLength"] = MembershipService.MinPasswordLength;
  return View();
}

 

And this is where it gets dirty. I’m throwing in the mix System.Web.Security.Roles – and it only exists within web context. That means, it will break unit test and defeat testability advantage that MVC has. Bad practice. You can wrap it up in the try/catch and suppress error to get all green test run. It won’t make it better practice, but getting greens back cheered me up a little bit.

To assign user role, I’ll again invoke dirty trick, this time using (OMG) Request.Forms:

if (createStatus == MembershipCreateStatus.Success)
{
  Roles.AddUserToRole(userName, Request.Form["roleName"]);
  FormsAuth.SignIn(userName, false /* createPersistentCookie */);
  return RedirectToAction("Index", "Home");
}

I’ve also added “Register” tab to the menu bar and made it visible only for admins.

<%if (HttpContext.Current.User.IsInRole("Admins")) {%>
 <li><%=Html.ActionLink("Register", "Register", "Account")%></li>
<%}%>

When this is done, I can log in as admin, go to Register tab and add user and select role for this user – exactly what I needed. Obviously, it is not a complete comprehensive solution by any means, but it serves my needs for now and hopefully will help you if you got into similar situation. Overtime role management need to have it’s own MVC-friendly implementation. But even with this limited functionality you can effectively manage new users, assign roles and secure your site with all kind of access rules your client will throw at you.

 

Rl-4

 

Source code for this project attached. Password for both Admin and User is “password”.

MyPortal.zip (629.03 kb)

Comments (5) -


You can use the routing mechanism with asp.net webforms as well.

the mvc team created a new namespace that enables you to work with a 3.5 sp1 webforms site and take advantage of all the routing capabilities you want,

if im not mistaken, its system.web.routing

That is a very helpful illustration indeed. Thanks man!

I do however have one negative thing to say about ASP.NET MVC… It feels like I'm re-inventing the wheel with everything!! Well, the reason for this is it's so new still. ASP.NET WebForms is really mature compared to ASP.NET MVC. However, I don't think ASP.NET MVC will take 7 years to get to the maturing of ASP.NET WebForms; after all it's still based on ASP.NET and you can't forget about jQuery and ALL the plugins!

Very cool, thanks

I don't think ASP.NET MVC will take 7 years to get to the maturing of ASP.NET WebForms; after all it's still based on ASP.NET and you can't forget about jQuery and ALL

Comments are closed