Which class provides methods that can be used to manage role membership to be

Which class provides methods that can be used to manage role
membership to be used in user authorization?

Question Posted / ynpradeep

3 Answers
5160 Views
Wipro, I also Faced
E-Mail Answers

Answers were Sorted based on User's Feedback

Which class provides methods that can be used to manage role membership to be used in user authori..

Answer / guest

System.Security
System.Security.permision

Is This Answer Correct ?

3 Yes

1 No

Which class provides methods that can be used to manage role membership to be used in user authori..

Answer / sudhakar k

During this walkthrough, you will learn how to:

Establish roles for an application.

Assign users to roles.

Create rules (permissions) that selectively grant or deny
access to pages for different rules.

Programmatically d

Determine whether a user is in a particular role and which
roles the current user is in.

Is This Answer Correct ?

1 Yes

0 No

Which class provides methods that can be used to manage role membership to be used in user authori..

Answer / sudhakar k

Visual Web Developer
Walkthrough: Managing Web Site Users with Roles

Many ASP.NET applications involve membership —
authenticating users so that they have access to restricted
resources, such as members-only pages. If the application
will support many users, or if the list of users is likely
to change over time, consider establishing roles to manage
user access. A role is the name of a group, such as
managers, sales, or members. After establishing roles, you
can assign individual users to a role. Then, you can grant
permissions to a role, and every user in that role inherits
the permissions you have assigned. Roles are therefore an
efficient way to manage permissions for groups of users.

During this walkthrough, you will learn how to:

Establish roles for an application.

Assign users to roles.

Create rules (permissions) that selectively grant or deny
access to pages for different rules.

Programmatically determine whether a user is in a
particular role and which roles the current user is in.

Prerequisites
In order to complete this walkthrough, you will need:

Visual Studio.

The .NET Framework.

IIS installed locally on your computer.

SQL Server Express Edition installed locally on your
computer.

A way to identify individual users.

Note
In working applications, you can identify users in various
ways, including by their Windows user account. However, in
this walkthrough, users will identify themselves by logging
in to your site. Therefore, this walkthrough requires that
you have a site configured to use ASP.NET membership. If
you have a site already configured with membership, you can
use that site as a starting point for this walkthrough.

Configuring a Web Site, Membership, and Roles
Before you work with ASP.NET roles, you must have a Web
site available, and configure the site to enable membership
and set up user roles. If you have completed the topic
Walkthrough: Creating a Web Site with Membership and User
Login (Visual Studio), you can use the Web site that you
configured in that walkthrough.

If you do not already have a Web site available, use the
following procedure to create one. Otherwise, go to the
next section "Creating Folders for Member-Only Pages."

To create a local IIS Web site
Open Visual Studio.

On the File menu, click New Web Site.

The New Web Site dialog box appears.

Under Visual Studio installed templates, select ASP.NET Web
Site.

In the Location list box, select File System.

Click Browse, and then select a directory for your
application, such as C:\RolesWebSite.

In the Languages box, click the programming language that
you prefer to work in.

The programming language you choose will be the default for
your Web site, but you can set the programming languages
for each page individually.

Click OK in the New Web Site dialog box.

Visual Web Developer creates the Web site and a new page
named Default.aspx.

Creating Folders for Member-Only Pages
In order to work with roles, you will need to create two
folders, MemberPages and GuestPages, where you can keep
pages that have restricted access.

Note
If you are re-using the Web site from the membership
walkthrough, you probably already have this folder and can
skip step 1 of the following procedure.

To create folders for restricted access
In Solution Explorer, right-click the root of your Web
site, click New Folder, and then name the folder
MemberPages.

This folder will contain a page that is accessible to only
some of your users.

Right-click the root of your Web site, click New Folder,
and then name the folder GuestPages.

This folder will contain a page accessible to any logged-in
user (but not to anonymous users).

Configuring the Web Site for Membership and Roles
After creating the basic Web site, you can configure it to
use membership and roles.

To configure the Web site for membership and roles
On the Web site menu, click ASP.NET Configuration.

Select the Security tab, click the link to Use the security
Setup Wizard to configure security step by step, and then
click Next.

Proceed to Step 2 of the wizard and select the From the
Internet option.

The wizard displays a page where you can select the
authentication method that your Web site will use.

This option specifies that your application will use Forms
authentication, where users will log into the application
using a login page that you will create later in this
walkthrough.

Click Next.

The wizard displays a message stating that user information
will be stored using Advanced provider settings. Your
application will use the default provider, which stores
membership information in a SQL Server Express Edition
database file in the App_Data folder of your Web site.

Click Next again.

In Step 4: Define Roles, select the Enable roles for this
Web site check box, and then click Next.

When prompted, create two roles, members and guests, and
then click Next.

In Step 5: Add New Users, create three users named member1,
guest1, and memberGuest.

You can assign any strong passwords you like, but be sure
to remember them. Passwords must be at least 7 characters
long, and at least one of the characters must be non-
alphanumeric. For the e-mail address, use your own. (You
will not be sending e-mail messages in this walkthrough.)

Note
Do not close the Web Site Administration Tool yet.

The Web site that you are creating will allow users to gain
access to different pages according to their roles.
Therefore, you need to create some access rules that
determine which roles have access to which folders.

To set up access rules for the site folders
In the security wizard of the Web Site Administration Tool,
click Next.

Step 6: Add New Access Rules displays a page where you can
create rules that determine which roles (or users) can gain
access to the pages in your Web site.

Under Select a directory for this rule, expand the root
node, and then click GuestPages.

Under Rule applies to, select Anonymous Users.

Under Permission, select Deny.

The rule you are creating denies access to anonymous users —
that is, users who have not logged in.

Click Add This Rule.

The new rule is displayed in the grid at the bottom of the
page. When users request a page from the GuestPages
directory, the rules are checked in order, from top to
bottom, to determine whether the user is allowed access to
the page. If the user is not logged in, the pages in this
folder will not be displayed.

Under Select a directory for this rule, click MemberPages.

Under Rule applies to, select Role, and then in the drop-
down list, click members.

Under Permission, select Allow.

The rule you are creating grants access permissions for the
MemberPages folder to anyone in the members role.

Click Add This Rule.

Under Select a directory for this rule, click MemberPages.

Under Rule applies to, select All Users.

Under Permission, select Deny.

Click Add This Rule.

The second rule for the MemberPages folder makes sure that
no one except users in the members role can gain access to
the folder. The rules are processed in order, from top to
bottom, as you see them in the grid.

The first rule (Allow) grants access to users in the role
named members. The second rule (Deny) denies access to all
other users. You can create as many Allow or Deny rules as
you need for your application. When users request a page
from the MemberPages directory, the rules are applied in
order, from top to bottom, to determine whether the user is
allowed access to the page.

Click Finish to return to the Security tab.

Note
Do not close the Web Site Administration Tool yet.

Assigning Users to Roles
You must perform one last configuration step: assigning the
users you have created to roles.

To assign users to roles
On the Security tab of the Web Site Administration Tool,
under Users, click Manage users.

In the row for guest1, click Edit Roles.

The Roles box is filled in with a list of available roles.

Select the guests check box to assign the user guest1 to
the role guests.

In the row for member1, click Edit Roles and assign the
user member1 to the role members.

Using the same technique, assign the user memberGuest to
both the guests and members roles.

Close the Web Site Administration tool, and then do the
following:

In Solution Explorer, click the refresh icon.

On the Web site menu, click ASP.NET Configuration to
restart the Web Site Administration tool.

This ensures that the connection to the Membership database
that was used by the Web Site Administration tool is closed.

Close the Web Site Administration tool again.

Adding Pages with Restricted Access
To test your membership and role settings, you need to
create a way for users to log in so that you can identify
them. You must also create some Web pages that will allow
you to test the access rules you have created.

To create a default page for all users
Switch to Visual Studio.

Open or switch to the Default.aspx page, and then switch to
Design view.

If you do not have a Default.aspx page, add one to the root
of your Web site.

Note
Be sure to name the page Default.aspx; this name is used
later in the walkthrough.

Add a heading with text, such as Welcome!

In the Toolbox, from the Login group, drag a LoginStatus
control onto the page.

When clicked, the LoginStatus control takes users to the
Login.aspx page if they have not already logged in.

From the Login group in the Toolbox, drag a LoginName
control onto the page. Set the FormatString property
to "Hello {0}."

The LoginName control will display the user's name if the
user is logged in.

In the Toolbox, from the Standard group, drag a HyperLink
control onto the page. In the Properties panel for the
HyperLink control, set the Text property to Guests and
Members and the NavigateUrl property to
~/GuestPages/Guests.aspx.

Note
You will create the Guests.aspx page later in this
walkthrough.

In the Toolbox, from the Standard group, drag another
HyperLink control onto the page. In the Properties panel
for the HyperLink control, set the Text property to Members
and the NavigateUrl property to ~/MemberPages/Members.aspx.

Note
You will create the Members.aspx page later in this
walkthrough.

You now have a home page that is available to all users.
From here, users can link to additional pages, some of
which will be restricted. The next step is to create a
simple login page.

To create a login page
In Solution Explorer, right-click the root folder of your
Web site and select Add New Item. Add a Web Form named
Login.aspx to your Web site.

In the Login.aspx page, switch to Design view.

In the Toolbox, from the Login group, drag a Login control
onto the page.

In the Properties panel for the Login control, set the
DestinationPageUrl property to ~/Default.aspx.

Finally, you need to create some pages that represent the
restricted content of your site.

To create restricted pages
In Solution Explorer, right-click the GuestPages folder,
click Add New Item, and add a Web Form named Guests.aspx in
this folder.

Switch to Design view and add a heading to the Guests.aspx
page, such as Welcome to the Guests page!

In the Toolbox, from the Standard group, drag a HyperLink
control onto the page. In the Properties panel for the
HyperLink control, set the Text property to Home and the
NavigateUrl property to ~/Default.aspx.

In Solution Explorer, right-click the MemberPages folder,
select Add New Item, and add a Web Form named Members.aspx.

Switch to Design view and add a heading to the Members.aspx
page, such as Welcome to the Members page!

In the Toolbox, from the Standard group, drag a HyperLink
control onto the page.

In the Properties panel for the HyperLink control, set the
Text property to Home and the NavigateUrl property to
~/Default.aspx.

You do not have to add any code to the pages to restrict
access to them. They are restricted because they reside in
folders that are protected with access rules.

Testing Roles
Your site is now ready for testing.

To test roles
Switch to the Default.aspx page, and then press CTRL+F5 to
run it.

Click Guests and Members.

You are redirected to the Login.aspx page because you are
attempting to access a page that does not allow anonymous
users.

Log in as guest1, who is in the role of guests.

After you log in successfully, you are redirected to the
Guests.aspx page.

Click Home to return to the Default.aspx page.

The Default.aspx page displays the text Hello, guest1 where
you put the LoginName control. In addition, the LoginStatus
control has changed text from Login to Logout, because you
are now logged in as guest1.

Click Guests and Members.

This time, you go straight to the Guests.aspx page because
you are already logged in as a user in the role of guests.

Click Home to return to the Default.aspx page.

Click Members.

You are redirected to the Login.aspx page because guest1
does not have permissions for the Members.aspx page.

Log in either as member1 or as memberGuest.

You are redirected to the Members.aspx page because you are
now logged in as a user in the role of members.

Click Home to return to the Default.aspx page.

The page now reflects your new login name.

Next Steps
This walkthrough illustrates the basic functionality of
ASP.NET role management. You might want to experiment with
additional features of role management. For example, you
might want to:

Work with Windows roles instead of custom roles that you
create in the membership system.

Work programmatically with roles. For details, see Managing
Authorization Using Roles.

Alternatively, you can create a custom provider that allows
you to use an existing or custom data store for membership
and role information. For more information, see
Implementing a Role Provider.

Apply access rules to links that are displayed in the
navigational structure of your Web site. For more
information, see Walkthrough: Filtering Site-Map Nodes
Based on Security Roles.

See Also