Friday, 26 September 2008

ASP.NET Membership - Custom Role Providers

With my investigations into the Enterprise Library I've come across the sercurity section. Before I got into security I thought I'd take a more indepth look into memebership services. For my new project there are some requirements on the database, some legacy table structures need to be kept in place, some of these hold the groups, roles and permissions for users. ASP.NET membership is very powerful and does most of what I need, that is to say we can use active directory authentication for the users. The available roles provides, however, to determine the roles for the users don't do what I need. The solution? Simply overwrite the roles provider with my own custom roles provider. After a little research I came across this gem, Josh Flanagan's Roles Provider Template. Just download and install the template as instructed and you'll be able to add new role providers to your code in no time. The template compiles without any extra code and implements no methods. Just fill out the implementations for the methods you require from your role provider and throw a not supported exception from everywhere else. Now all you need to do is include your new provider in your config file, there are a couple of gotchas here so I'll show you mine.

The above xml is placed in between the system.web section as normal for membership. The active directory provider is first, you should be aware that membership does not allow active directory connection strings that are serverless, so mine ended up more like this

LDAP://domain.com.au/DC=domain,DC=com,DC=au.

If you're having trouble, try that and see if it works for you. Unfortunately I don't have a good LDAP site I can recommend for you, if you know one please let me know. The role manager is where I've implemented my custom provider (though it has no code in it yet). Note that in the "type" section I have this:

ASPMemberShipTechDemo.Models.Security.CustomDatabaseProvider, ASPMemberShipTechDemo .

You will need to put the assembly after the class name so that the config file knows where to look. This is more important if you're dealing with another library. After that, firing up the code and it all works fine. I can now run

"Roles.Provider.GetRolesForUser(username)"

and have it return nothing (because I haven't implemented my custom code yet) but hit the breakpoint in my custom provider. Full credit to Josh Flanagan and his custom roles provider template.

1 comment:

Anonymous said...

Iam pretty new to Membership and Role Management in ASP.Net, hope you will be right person in helping me out.

As per my knowledge, assigning permissions to roles can be done at folder level.

I have to build a custom Website administrator tool which uses the ASPNetDB database(available with .net framework), it should have an option to create roles and edit them in such a way that the users should be able to assign permissions to the roles at page level and also at functionality level within that Page for each role.

Pls mail me at gannyprodigy@gmail.com