0

Question No 1

I am familiar with role management, a particular member in a particular role can do this and access this functionally. What I need to do is Manage individual user, not the role he is in.

For example, lets say I create a role, called "Sales". I setup the role permission what the sales persons can do. Now i want to keep a check on individual user. For example if this is "john", i want to show him the records only he created. If his is peter, I want to show him only that records which he created, not by john or other sales people.

Is there a thing called "User Management" in ASP.NET that we can use? If not we have to create it ourselves and I believe the integration with ASP.NET "Role Management" will not be that smooth.

Question No 2.

I am using control for user login. I want to create a session at this time so I can keep track of which user is signed in so I can show him the records only pertaining to him. How can I do that?

TheTechGuy
  • 16,560
  • 16
  • 115
  • 136
  • @Buller, that might be useful to me. What probably I missed in the original question is each user has an ID (this is outside the membership roles provided by asp.net). I have to connect this ID to the ASP.NET user. The thing is, user is ASP.NET based but certain permission on individual user is outside ASP.NET, I have to connect the two using this id. Each record does have ID which points to which user has created it. But this ID is not connected to any user yet, since I have access only to the username of the login and he does not maintain an ID. I have to link the two. – TheTechGuy Jun 17 '11 at 15:23

4 Answers4

1

Your Q1 isn't really about Role vs User management (ie: authorizations) at this point. It's about audit tracking within your application.

And the way you do that is you capture the ID of the user who created the record in question with the record, so that later you can filter on that ID.

Pseudo database structure

Table Sales
    Field...
    Field...
    Field...
    CreatedByUser int not null, -- Populate this on creation and never change it again
    ModifiedByUser int not null - populate this on every row update including insert
The Evil Greebo
  • 7,013
  • 3
  • 28
  • 55
  • My question is how to connect this id with the user knowing that the user is ASP.NET based while this id is outside asp.net roles. I have a linkage in the form of a table, this user -> this id. – TheTechGuy Jun 17 '11 at 15:26
  • Exactly - when you authorize the user, you need to get the user's ID from he database, and then store that value in your audited data. – The Evil Greebo Jun 17 '11 at 15:27
  • @Dave in response to your comment, it sounds like you are saying records are being entered from another application which uses a different user DB. Is that correct? – pseudocoder Jun 17 '11 at 15:40
  • The records are in the same application. The users are created by admin only. they can't change password themselves. – TheTechGuy Jun 17 '11 at 17:10
1

See ASP.NET Profile Properties.

Assuming the records in the database correspond to a unique ID for a user, you can store the unique id in a profile property per user.

David
  • 72,686
  • 18
  • 132
  • 173
0

You are talking about Authentication and Authorization. For question 1 you and implement a custom authorization provider to allow for user level control http://msdn.microsoft.com/en-us/library/aa479048.aspx For question 2, once you log in and are Authenticated, the session contains a userprinciple object that has the info in it automatically.

Bueller
  • 2,336
  • 17
  • 11
0

1) If you want to filter records by the creating user, you need to record in your table the ID of the user who created the record. You can access the name of current user through User.Identity.Name and their ID (provider-dependent) through User.ProviderUserKey.

2) Sessions are created automatically in ASP.NET and provided you have a properly configured MembershipProvider, you can retrieve all the needed user info using the User object as shown above.

It sounds like you are a little unfamiliar with ASP.NET Membership and Roles capabilities, because they are actually set up quite well to accomplish what you are describing. I would recommend checking out this tutorial series:

https://web.archive.org/web/20211020202857/http://www.4guysfromrolla.com/articles/120705-1.aspx

pseudocoder
  • 4,314
  • 2
  • 25
  • 40
  • I really loved David's answer (profile solution), but this one looks even easier to implement. Now I am using seperate IDS which are not the ids created in aspnet tables. But may be I can find a match and use those instead. If I want to use the profile solution, I need to be able to insert the user_id field at the time of registration (which an admin does, not the user), which I am researching right now. yes I am new to ASP.NET with PHP background. Thank you much – TheTechGuy Jun 17 '11 at 15:43
  • Adding a profile property in the asp.net user is probably the most built-in way to associate your two users from different user databases. It can however be a little clunky to access since profile properties are "packed" into one field in the SQL DB. In some scenarios it might be better to use a separate user mapping table that references your aspnet_Users table as a foreign key. – pseudocoder Jun 17 '11 at 15:52