DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
  1. DZone
  2. Coding
  3. Frameworks
  4. Tip Of The Day: Default User Roles in ASP.NET MVC4

Tip Of The Day: Default User Roles in ASP.NET MVC4

Denzel D. user avatar by
Denzel D.
·
Mar. 05, 13 · Interview
Like (0)
Save
Tweet
Share
17.84K Views

Join the DZone community and get the full member experience.

Join For Free

asp.net mvc is an extremely powerful framework, and the default website template offers a good set of capabilities to build a fully functional portal that can be customized on top of the existing implementation.

one of the highlights of the default template is the user-based content separation - there is a built-in authentication mechanism that binds to a sql database, that subsequently allows you to specify what content to display to what users. a question i was asked recently was whether there was a way to specify user roles without major additions to the existing web app skeleton, such as implementing a custom membership provider and fortunately the answer is yes .

let's begin by establishing where the user role is assigned, and that is the registration stage. in the default template, you have the accountcontroller that contains a register action. the default implementation looks like this:

[httppost]
[allowanonymous]
[validateantiforgerytoken]
public actionresult register(registermodel model)
{
    if (modelstate.isvalid)
    {
        // attempt to register the user
        try
        {
            websecurity.createuserandaccount(model.username, model.password);
            websecurity.login(model.username, model.password);
            return redirecttoaction("index", "home");
        }
        catch (membershipcreateuserexception e)
        {
            modelstate.addmodelerror("", errorcodetostring(e.statuscode));
        }
    }

    // if we got this far, something failed, redisplay form
    return view(model);
}

what's missing here is the role assignment, so let's add that. right after the createuserandaccount call, we can check whether a specific role exists, and if it is - add the registered user to it. in case the role is new, create it.

if (!roles.roleexists("standard"))
    roles.createrole("standard");

roles.addusertorole(model.username, "standard");

here i am working with a role called standard , but obviously you can use another identifier for it. if you open the database that is carrying the app data, you will notice that there are two new tables introduced in the existing context - roles and usersinroles .


as the data skeleton is established, you can now limit content access based on roles. in views, you could use the authorize attribute:

[authorize(roles = "admin")]

or you could check for the role directly:

@if (roles.getrolesforuser().contains("admin"))
{
}

simple as that.

ASP.NET

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • How to Create a Real-Time Scalable Streaming App Using Apache NiFi, Apache Pulsar, and Apache Flink SQL
  • Bye Bye, Regular Dev [Comic]
  • Differences Between Site Reliability Engineer vs. Software Engineer vs. Cloud Engineer vs. DevOps Engineer
  • Mr. Over, the Engineer [Comic]

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends: