CS 3870 Prog6 Roles Management Due Monday, November 5 Group Assignment

Roles Better approach to manage multiple users Roles for Prog6: Admin and Member Users in role Admin can access pages of Admin, but not pages of Member Users in role Member cannot access pages of Admin, but can access pages of Member One user could be in multiple roles

New User UserName: Windows Password: cs3340@UWP Email: your UWP email Other: your choice

New User UserName: WebApps Password: cs3870@UWP Email: your UWP email Other: your choice

New User UserName: Qi Password: 213@Ullrich Email: your UWP email Other: your choice

Users and Roles WebApps Windows Qi csse Admin and Member Member Admin Not in any roles

Web.config under the root folder Enabling RoleManager Web.config under the root folder <system.web> <roleManager defaultProvider="AlphaRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".ASPROLES" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All"> <providers> <clear/> <add name="AlphaRoleProvider“ type="UWPCS3870.AlphaRoleProvider" connectionStringName="AlphaConnectionString" applicationName="CS3870" writeExceptionsToEventLog="false"/> </providers> </roleManager> </system.web>

Page SetRoles

Page Load //Load event initializes dropdown boxes. protected void Page_Load(object sender, EventArgs e) { if (IsPostBack) return; try ListUsersBind(); //get all users ListRolesBind(); //get all roles ListUsersInRolesBind(); } catch(Exception ex) . . .

//Binds all users to dropdown. private void ListUsersBind() { lstUsers.DataSource = Membership.GetAllUsers(); lstUsers.DataBind(); }

//Binds roles to dropdown. private void ListRolesBind() { try lstRoles.DataSource = Roles.GetAllRoles(); lstRoles.DataBind(); } catch(Exception ex) txtMessage.Text = ex.Message;

//Binds users of a certain role to dropdown. private void ListUsersInRolesBind() { try lstUsersInRoles.DataSource = Roles.GetUsersInRole(lstRoles.SelectedValue); lstUsersInRoles.DataBind(); } catch(Exception ex) txtMessage.Text = ex.Message;

//Adds a role to the system. protected void btnAddRole_Click(object sender, EventArgs e) { try //Role name is txtRoles.Text Roles.CreateRole(txtRoles.Text); txtMessage.Text = "Role " + txtRoles.Text + " has been added"; ListRolesBind(); ListUsersInRolesBind(); } catch(Exception ex) txtMessage.Text = ex.Message; protected void btnRemoveRole_Click( . . . )

//Adds a user to a role. protected void btnAddUserToRole_Click(. . .) { try Roles.AddUserToRole(lstUsers.Text, lstRoles.SelectedValue); txtMessage.Text = "User " + lstUsers.Text + " has been added to the role " + lstRoles.Text; ListUsersInRolesBind(); } catch(Exception ex) txtMessage.Text = ex.Message; protected void btnRemoveUserFromRole_Click( . . . )

‘ AutoPostBack: True Protected Sub lstRoles_SelectedIndexChanged(. . .) Handles lstRoles.SelectedIndexChanged ListUsersInRoleBind() End Sub

//Deletes a user. protected void btnDeleteUser_Click(object sender, EventArgs e) { try Membership.DeleteUser(lstUsers.Text, true); txtMessage.Text = "User " + lstUsers.Text + " has been deleted."; ListUsersBind(); ListUsersInRolesBind(); } catch(Exception ex) txtMessage.Text = ex.Message;

Main Web.Config <location path="Prog6/Member"> <system.web> <authorization> <allow roles=“Member"/> <deny users=“*" /> </authorization> </system.web> </location> <location path="Prog6/Admin"> <allow roles="Admin"/> <deny users="*" />

Authorization Configuration File under the folder Admin <system.web> <authorization> <allow roles="Admin"/> <deny users="*" /> </authorization> </system.web>

Authorization Configuration File under the folder Member <system.web> <authorization> <allow roles=“Member"/> <deny users="*" /> </authorization> </system.web>

Need One of Them, Not Both Main Web.config Web.config in subfolder

WebSite and ApplicationName Each student has a website on Alpha Physical folder Name: UWP username Website name in IIS : UWP username IIS Applicationpool : UWP username ApplicationName for membership and role management In the main Web.config

Prog 6 Must change the ApplicationName for both membership and role management to your UWP username Same on Test 2

Login UserName Displayed on program Master Page Could save it using Session variable Session("Prog6_UserName") = Page.User.Identity.Name Retrieve the UserName on any pages

You should be able to do it yourselves! Total on Page Checkout You should be able to do it yourselves!

Site Map XML File Web.sitemap Organize the pages in the site hierarchically Must be located in the application root directory Automatically picked up by the default site-map provider SiteMapDataSource

Creating File Web.sitemap Right click the application root Add Add New Site Map It could be created in a sub-folder, but won’t be recognized

Initial Web.sitemap <?xml version="1.0" encoding="utf-8" ?> <siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" > <siteMapNode url="" title="" description=""> <siteMapNode url="" title="" description="" /> </siteMapNode> </siteMap>

Web.sitemap Contains only one siteMapNode element The root node can contain any number of child siteMapNode elements The child notes can have their child notes Note Properties URL: can be empty, but no duplicate Title Description

Test 2 November 8 Group Test Prog5 and Prog6 Authentication and Authorization Login Create User and Roles Assign users to roles Accessing Database