I'm working on a project for an events site. I want to create it so that users can create an event and they become the admin for only that event, and they can authorise others as fellow admins (FB style), meanwhile they are only a user for. Is it possible to use the existing roles tools built into .NET to do this?
Thanks
The comments provided are pretty useful (create your own table for it\creating roles on the fly). In short, the functionality you are looking for is not currently available in the existing Universal Role Provider packaged with .NET. However, the URP is intended to only be a starting framework for you to work with\edit as you see fit. I would use a combination of these 2 suggestions, using the built in role provider tables to generate roles on the fly, and use a custom table to manage that hierarchy.
Hope this helps, and welcome to Stack Overflow!
Related
Started a project on asp.net core 3.1 and I have the following question.
I want the user when registering to chose whethere he is a user or a company.
I have no idea how to implement it so every suggestion will be helpful.
I am using .net identity.
Thank in advanced!
So, Identity gives you an absolute load of options but don't think it has that one. Luckily you have the Claim system and so storing it in a Claim would be one option.
Or create some other data structure in your database like a UserType field, probably on your "user" table and use a selectlist with a couple of options in it to select from.
Sounds like you're quite new to development and the question is pretty broad in its nature so I would recommend doing a couple of courses in key areas, time well spent I would think.
I am assuming you have already setup the Identity Membership and only need help collecting additional data on a user. If this is the case please follow this blog post https://www.yogihosting.com/aspnet-core-identity-custom-user-properties/
I need some advice. I'm currently using MVC 4 & SimpleMemberhip with LDAP to authenticate users. The issue is, I don't want to store their usernames and passwords in the
webpages_Membership table due to security concerns. The second issue is I want to provide user-editable profiles.
Here's what works so far:
User logs for the first time and a new entry is created in webpages_Membership
An individualized link to edit the user profile is displayed on the homepage
Username is added to the UserProfiles table when profile is accessed for the first time
Certain user details are fetched from LDAP server and written to profile
Users can then customize their profiles
I'm currently using SimpleMembership with an override to the ValidateUser method. Everything works as it should but I don't need to store the LDAP usernames & passwords. Can this be done?
p.s. I know there is a better way to create new users & profiles besides on first time log in but I'm still working on it.
If you don't want to store the passwords (which SimpleMembership would do by default), you are better off deriving your own custom provider from ExtendedMembershipProvider (or maybe from SimpleMembership, but that would get complex) and write the LDAP implementation, or using one of the ones on NuGet. There's no built-in LDAP support in SimpleMembership, so any approach you do would be a nasty hack which will probably bite you later on.
As for the UserProfile, it doesn't sound like your requirement is that different to the usual UserProfile use case - create custom properties on the UserProfile model, update the database accordingly, and build a UI to allow the user to edit whichever of those properties they should be able to directly edit.
(edit)
Footnote. In my answer to "How do I use my own database with SimpleMembership and WebSecurity? What is MVC4 security all about?" I examine the history of membership, how ExtendedMembershipProvider fits into this, and how the new classes such as WebSecurity work on the basis of a provider being a concrete implementation of ExtendedMembershipProvider (which SimpleMembershipProvider is, for example). For anyone looking to derive their own provider to use with WebSecurity, that answer is worth reading.
I've managed to bypass storing user details in the Membership provider by creating the required tables with Code First. I'm now able to create new users and store them in the UserProfile table.
After I was learning about ASP .NET Membership built-in framework I have decided that this stuff is almost suitable for me. But there are couple features and edits I would like to have:
Two step registration: after user have typed all account information, verification letter should be send to typed email. Before email address is verified it impossible to log in (some message should appear, telling user that email verification is needed before it's allowed to use account).
Membership DB Scheme:
There is no need to store user question for restoring password.
Illegal attempts to login is uneccessary.
Default aspnet_ prefix is likely to be changed.
... and so on
For the first item I know that I could use own class derived from SqlMembershipProvider. Am I right about this? Could you point me at some good post where I could get learned.
For the second improvement it's seems like a trouble. In this book I have read that isn't so easy:
• The built-in SQL storage providers need direct access to your database, which
feels a bit dirty if you have a strong concept of a domain model or use a particular
ORM technology elsewhere.
• The built-in SQL storage providers demand a specific data schema
that isn’t easy to share with the rest of your application’s data
schema.
The biggest problem I've encountered with subclassing SqlMembershipProvider is it doesn't give you the connection string to work with. You have to hack the class to pieces to get anything useful for the way most modern login systems work.
I'm not sure about the database tables names - I don't think that's controlled by the SqlMembershipProvider but is actually inside an ASP.NET installer class.
My advice would be to create your own from scratch, and use the built in FormsAuthentication helpers. It's really not a big task compared to hours of annoyance having to conform to the providers. I did this with Roadkill after going down the Membership Provider route, and discovering it a cul-de-sac particularly for Active Directory support.
You can completely control your membership DB schema by Implementing Custom Membership User (of course you also need to implement Membership Provider for the User).
Customize user creation steps by configuring CreateUserWizard control. You will change its' template and handle events, I don't think you need to override it.
I am new in ASP 2.0 and i need help to create a createUserWizard. It is not for a real application, it is just for homework. Could someone give me some guidelines on what should i do?
This is what i did so far:
1-I created the database with a user table
2-I create a page for registration and i added the userWizardComponent on it:
What should i do now to be able to:
-Add users to the database
-Make the password validation less restrictive(I cannot enter it correctly i would like to make it easier or dissable it).
Ill appreciate your help
Since this is homework, I'll just try and give you some guidance in the right direction.
Firstly, the create user wizard is designed to work against ASP.NET's built in Membership api. This api utilizes a certain Database schema which can be automatically created in a database using the "aspnet_regsql" tool. For more information on ASP.NET Membership, check out these links: Introduction to Membership and Walkthrough: Creating a Web Site with membership and login
That should get you started in the right direction. To relax the constraints on the password, you would modify the membership settings in web.config and the above links should also point that out. You can control the minimum length, number of special characters, etc.
ASP.NET has a built in Membership system that those controls work with. You do not need to create a custom database to store user information (unless of course it is a requirement of your assignment). Rather, run the AspNet_regsql tool from the VS command prompt which will create the Membership database.
In order to make less restrictive passwords and things like that, you'll need to research custom Membership Providers, and this is set in the web.config.
You need to run AspNet_regsql from the VS Tools Command Prompt to create the tables used by the ASP.Net membership system.
You can change the complexity requirements in Web.config.
I have a WPF application with a WCF service layer and a SQL database.
I now want to restrict elements of the application so that certain functions are only available to those users with a particular role. For example, you will only be able to navigate to the settings screen if you are an administrator.
I would like a user to be a member of 1 or more authorisation groups and each authorisation group to have 1 or more roles associated.
A long time ago I used AzMan (Authorisation Manager) to do a similar thing. Does anyone think that there are better approaches? Is AzMan "old news"? Alternatives?
Thanks.
I don't think azman is old news, we are still using it....
Authorization and Entitlement solution on .Net like earlier in AzMan
Azman will do what you are asking....
Well I'd do (actually I already did) the following.
I guess you got your business rules (users, groups) defined in your SQL Database. So you could simply do the Authorisation at the UserControl level. Give each of your UserControls the property hasAuthorization and bind it to the isEnabled property. You can also bind it to the Visibility attribute.