Click here to Skip to main content
15,868,158 members
Please Sign up or sign in to vote.
4.00/5 (1 vote)
Trying to grasp how I should use MVC 4 (VS 2013) with Forms Auth. Heres the steps i took

1. Create a new project ASP .Net MVC 4 > Internet Application (A default ASP.NET MVC 4 project with an account controller that uses forms authentication.).

2. Run app and all runs. I create a user using the public accessible /Account/Register link

3. The code that ran has created 4 tables. webpages_Membership, webpages_OAuthMembership, webpages_Roles, webpages_UsersInRoles. I see my username listed in 1 table and related info in another. Nothing in Roles.

I would like to add a role and restrict the register link to one group. If a user arrives to register page and is not part of the group they receive an error.

I tried adding [Authorize(Roles="Admin")] to one of the methods found under the automatic class generated AccountController but this did not resolve the issue.

I was then considering adding the role manually but i dont know if thats the correct way or if i need to change the web.config file (this seems to be recommended for webforms but couldnt find anything to suggest it's ok for MVC).

Can anyone guide me to add a role and associate it with a user? I have created this base project to expand on so going further i would make similar changes.

What I have tried:

I tried adding [Authorize(Roles="Admin")] to one of the methods found under the automatic class generated AccountController but this did not resolve the issue.

I was then considering adding the role manually but i dont know if thats the correct way or if i need to change the web.config file (this seems to be recommended for webforms but couldnt find anything to suggest it's ok for MVC).
Posted
Updated 18-Jan-20 19:38pm
Comments
Richard Deeming 15-Jan-20 7:36am    
If the "register" page is for new, unregistered users to create an account, then how would you restrict it to users in a particular role? The user isn't authenticated yet, so they can't be a member of any roles.

What are you using to manage the membership? There have been several different authentication/authorization systems released by Microsoft over the years, and the answer to your question will be different for each one.

1 solution

I Assume you want to give option of registration to some particular role, so here are the steps you need to follow

First create a role, then Assign the role to those users you want to allow and Last you need to put Authorization on all those actions.

For creating a role you can use Role Manager,
C#
// Create object of role manager
var roleManager = new RoleManager<IdentityRole>(new RoleStore<IdentityRole>(new YourDataContext()));

// Create Role in the system
var role = new IdentityRole(){Name="Admin"};
var result = await roleManager.CreateAsync(role);
if (result.Succeeded)
{

}

//Crate object of user manager
var userManager = new UserManager<AppUser>(new UserStore<AppUser>(new YourDataContext()))


// Find User by email
var user = await userManager.FindByEmailAsync(model.Email);

// Assign roles to user
await userManager.AddToRolesAsync(user.Id, model.Roles.ToArray()); // Roles will have role names e.g. "Admin", "Approver" etc


[Authorize(Roles = "Admin")]
public ActionResult Register()
{
}
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900