0

Hello everyone, I implemented my own registration and login system to a blog application i was writing. I used the database first approach and created some tables (dbo.UserProfiles - containing user information) and other tables with which i generated an entity data model from . However i got to a stage where i needed to create an admin panel and then i realized that i needed a way to associate each user to a specific role (Moderator, administrator, guest) and restrict access to certain pages based on those roles. My question is that how can i implement a role provider to an existing database since i did not use the default membership system of asp.net mvc and also i can i use the roles to allow or restrict access to certain pages in my website.

ibnhamza
  • 861
  • 1
  • 15
  • 29
  • Do you have another table for roles and third table to define user roles? – Muhammad Gouda Dec 14 '14 at 19:18
  • @mGouda yes i created a table called dbo.roles with roleId and roleName column and also a table called dbo.UsersInRoles with columns roleId and UserId and specified the foreign key relationship. After that i clicked on the edmx designer and updated my existing model to include the newly added tables. Then i created a new controller called adminController which i added an [Authorize(Role="Admin")] attribute. Upon navigating to this page i got an error saying 'A network related or instance specific error occured while establishing a connection to the sql server. – ibnhamza Dec 14 '14 at 19:29
  • the error you are talking about here has nothing related to the original question, this error indicates you cannot connect to sql server database, double check connectionstring and related stuff – Muhammad Gouda Dec 14 '14 at 19:38
  • ok @mGouda what is the best way to achieve the question i asked that is about adding roles to an existing website that already has a membership system (not implementing the default membership system of asp.net mvc). – ibnhamza Dec 14 '14 at 20:01

3 Answers3

0

You can create your own membership provider by inheriting from the MembershipProvider class. MSDN has a great sample on how to do this.

http://msdn.microsoft.com/en-us/library/44w5aswa(v=vs.100).aspx

You will also need to implment a Role Provider.

http://msdn.microsoft.com/en-us/library/tksy7hd7(v=vs.100).aspx

nerdybeardo
  • 4,655
  • 23
  • 32
  • i already created a membership system and ive gone far with the application that i cant throw away my membership system and start implementing the default one provided by asp.net mvc. What i need is a way to add a role provider to my existing database and sync it with the existing custom membership system i created. – ibnhamza Dec 14 '14 at 19:38
  • If you follow the examples found at MSDN that I've posted you can create a custom membership provider that will do what you want. – nerdybeardo Dec 15 '14 at 00:38
0

you can create your own custom principal and identity. Implement IsInRole method. Authenticate your request in global.asax Application_AuthenticateRequest method. And then just add [Authorize(Roles = "Admin")] atribute to your specified actions.

Here is a good example and ansver.

Community
  • 1
  • 1
aleha_84
  • 8,309
  • 2
  • 38
  • 46
  • that i think is the way, only problem is i'm new to this technology and i dont know how to go about it. can you help with some code? – ibnhamza Dec 14 '14 at 20:36
0

The following example shows how to specify that a controller is only available to users in the Administrators roles.

[Authorize(Roles="Administrators")]
public class AdminController : Controller
{
    . . .
}

The following example shows how to limit access to an action inside a controller to only the specified list of roles.

[Authorize(Roles="Moderators,Administrator")]
public List<myObject> GetRestrictedData()
{
    . . .
}

The following example shows how to limit access to a controller to only the specified users.

[Authorize(Users="Jhon,Games")]
public class RestrictedContentController : Controller
{
    . . .
}

Reference

Muhammad Gouda
  • 849
  • 8
  • 20
  • i used the first method above and i got an error saying "a network related or instance specific error occured". I'm confused because this only started happening after i added those two tables and updated my model. since other pages in the application requiring connection to the database are working fine without any problem. only the page i added [Authorize(Roles="Admin")] is causing this error. – ibnhamza Dec 14 '14 at 21:39
  • Sorry, I have no clue, but I recommend you review steps you did after adding new tables (roles, userRoles) like creating edmk and related controllers and views etc. also, check [this SO question](http://stackoverflow.com/questions/21996191/how-to-check-user-role-in-mvc-5-identity) – Muhammad Gouda Dec 14 '14 at 21:51