I have been trying to implement role based security on my MVC4 application so that some controller actions are blocked to non admin members. I have found this information page on MSDN: http://msdn.microsoft.com/en-us/library/5k850zwb%28v=vs.100%29.aspx

Can someone tell me where would be the best place to create the admin group itself using the following line:

```csharp
Roles.CreateRole("Admin");
```

I know I want to check my user database table and check the IsAdmin column on the Home Controller Index but I am not sure about where to create the actual Admin role itself. Any help would be greatly appreciated.

Jay

1 Answer

Just add it manually to webpages_Roles table of your database.

If you want to do it programmatically, add it to the InitializeSimpleMembershipAttribute.cs file in the Filters folder, below the following line:

```csharp
WebSecurity.InitializeDatabaseConnection("DefaultConnection", "UserProfile", "UserId", "UserName", autoCreateTables: true);

// here it REALLY is...!
if (!Roles.RoleExists("Admin"))
    Roles.CreateRole("Admin");
```

Amin Saqi
  • Hi Amin, I have tried your suggestion but I am now receiving the following error: This method can only be called during the application's pre-start initialization phase. Use PreApplicationStartMethodAttribute to declare a method that will be invoked in that phase. – Jay Aug 21 '13 at 10:03
  • Still throwing the error on the compile of the if statement with the User PreApplicationStartMethodAttribute error – Jay Aug 21 '13 at 10:21
  • Hey Amin, no worries, it's less of a mess than it was. Been trying this all morning. I do not have an InitializeSimpleMembershipAttribute.cs file in the Filters folder. I am using ADFS for authentication, would this be the reason? – Jay Aug 21 '13 at 10:30
  • @Jay - Yeah man! if you use `Internet Application` template and default simple membership, you have that file...! Now, I don't think that you could use this approach...! So, it seems that it's better for you to add them manually, once for ever... – Amin Saqi Aug 21 '13 at 10:34
  • I have a field in the user table of my database called IsAdmin. Is there any means of authorizing controllers or pages against this field? – Jay Aug 21 '13 at 11:02
  • @Jay - I don't think so... All those methods I told just work with standard or custom membership providers, and none of them use such a pattern you have. I advise you not to bother yourself by trying to handle authentication and authorization manually. Just leave it for the default membership of your application... – Amin Saqi Aug 21 '13 at 11:10
  • Hi Amin, I have looked at the default Initialize simple membership file that you mentioned previously, could this be amended in any way to look at my EF class for storing User data? – Jay Aug 21 '13 at 11:13
  • @Jay - If you use simple membership or you correctly configure your custom role provider, you can use that code everywhere in your project! However it's better to use them in a relevant place... – Amin Saqi Aug 22 '13 at 07:33
  • What do I need for simple membership? I have a db class called LearningUser with relevant fields – Jay Aug 22 '13 at 08:02
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/35980/discussion-between-aminsaghi-and-jay) – Amin Saqi Aug 22 '13 at 08:13
  • I use `System.Security.Claims.ClaimsIdentity claimsIdentity = (System.Security.Claims.ClaimsIdentity)System.Threading.Thread.CurrentPrincipal.Identity;` to get the user details. Then I iterate to find the username: `foreach (System.Security.Claims.Claim claim in claimsIdentity.Claims) { if (claim.Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname") { userName = claim.Value; } }` I have a user table and a DbContext, and it is implemented using the repository pattern. – Jay Aug 22 '13 at 09:14
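
One way to gate controller actions on the `IsAdmin` column when ADFS supplies the identity, written as an added example that is not code from the question, the answer or the comments. `AdminOnlyAttribute`, `IUserRepository`, `FindByUserName` and the `UserName` property are hypothetical names; the sketch assumes the repository is registered with MVC's `DependencyResolver`.

```csharp
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;

// Assumed shape of the user entity; only the IsAdmin field is named in the thread.
public class LearningUser
{
    public string UserName { get; set; }
    public bool IsAdmin { get; set; }
}

// Hypothetical repository interface over the existing DbContext.
public interface IUserRepository
{
    LearningUser FindByUserName(string userName);
}

public class AdminOnlyAttribute : AuthorizeAttribute
{
    private const string AccountNameClaim =
        "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname";

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // The base check rejects anonymous callers before any database lookup.
        if (!base.AuthorizeCore(httpContext)) return false;

        var identity = httpContext.User.Identity as ClaimsIdentity;
        var claim = identity == null ? null : identity.FindFirst(AccountNameClaim);
        if (claim == null || string.IsNullOrWhiteSpace(claim.Value)) return false;

        // Resolve per request: filter attribute instances can be reused across
        // requests, so no per-request state is kept in fields.
        var users = DependencyResolver.Current.GetService<IUserRepository>();
        if (users == null) return false; // fail closed if nothing is registered

        var user = users.FindByUserName(claim.Value);
        return user != null && user.IsAdmin;
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Signed in but not an admin: answer 403 instead of bouncing back to sign-in.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}
```

Apply it as `[AdminOnly]` on a controller or on individual actions. Overriding `AuthorizeCore` rather than `OnAuthorization` keeps the base class's output-cache revalidation, so a cached admin page is not served to a non-admin.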