Role Management in .Net By: Rajat Singh

1
Role Management in .Net By Rajat Singh

• CS 795
• Class Presentation

2
Authentication and Authorization

• Authentication User proves his/her identity
• Provides Set of Credentials
• Windows/Forms/Passport authentication
• Authorization What actions and resources a user
  has authority to access
• Checks credentials to authorize access

3
Role Management

• A role is a logical categorization that grants
  members of the role specific permissions.
• Helps to make security decisions based on the
  user running the code
• An abstract concept that can be used to represent
  any kind of grouping to assign a set of
  permissions

4
Role Management, User Identity, and Membership

• Identify users to determine whether the user is
  in a specific role or not
• Establish user identity in two ways
• Windows authentication Identify users using
  their Windows domain account name.
• Forms authentication Use role management to
  define roles and assign membership user IDs to
  those roles.

5
Enabling Role Manager

• By Default Role Manager is disabled
• Enable it via Web.Config
• Role manager feature includes a roles management
  API that allows

ltsystem.webgt ltroleManager enabled"true"
/gt lt/system.webgt
6
Role Management API

• Creating roles and deleting roles
• Assigning roles to users
• Deleting users from assigned roles
• Determines programmatically whether a user is in
  a role
• Getting information about which users are in
  which roles.

7
Key Roles Methods

• CreateRole() To create a new Role

if (!Roles.RoleExists(Manager))
Roles.CreateRole(Manager) else
Message.show(Role Already Exists)
8
Key Roles Methods contd.

• DeleteRole() Deletes an existing role

try Roles.DeleteRole(delRole) Message.show(
Role deleted) catch(Exception ex)
Message.show( Role cannot be deleted)
9
Key Roles Methods contd.

• AddUserToRole() Adds user to a role

try Roles.AddUserToRole(user,
role) Message.show( User Added to specified
Role) catch(Exception ex)
Message.show( User cannot be added specified
Role)
10
Key Roles Methods contd.

• GetRolesForUser() Gets a collection of roles to
  which a user belongs.

try string rolesArray rolesArray
Roles.GetRolesForUser() List1.DataSource
rolesArray List1.DataBind() catch
(Exception ex) Message.show( User
doesnot have any role)
11
Key Roles Methods contd.

• GetUsersInRole() Gets a collection of users
  belonging to a specific role

try string users users
Roles.GetUsersInRole( Manager) List1.DataSourc
e users List1.DataBind() catch
(Exception ex) Message.show( User
doesnot have any role)
12
Key Roles Methods contd.

• RemoveUserFromRole() Removes a user from a
  specific role

try Roles.RemoveUserFromRole( John,
Manager) catch (Exception e)
Message.show( Not Successful)
13
Web Administration Tool

• In ASP.NET 2.0"Web Administration Tool" can be
  used to create the users and then assign roles to
  them.
• Demo!!!

14
References

• Programming .Net Security OReilly
• http//www.c-sharpcorner.com/UploadFile/praveenalw
  ar/praveenalwar08082006090541AM/praveenalwar.aspx
• http//msdn2.microsoft.com/en-us/library/5k850zwb(
  vs.80).aspx

15

• Questions?
• Thank You