How to: Sample Role-Provider Implementation
Illustrates a role-provider implementation.
The following code illustrates a role-provider implementation. For more information, see Sample Role-Provider Implementation.
using System.Web.Security; using System.Configuration.Provider; using System.Collections.Specialized; using System; using System.Data; using System.Data.Odbc; using System.Configuration; using System.Diagnostics; using System.Web; using System.Globalization; /* This provider works with the following schema for the tables of role data. CREATE TABLE Roles ( Rolename Text (255) NOT NULL, ApplicationName Text (255) NOT NULL, CONSTRAINT PKRoles PRIMARY KEY (Rolename, ApplicationName) ) CREATE TABLE UsersInRoles ( Username Text (255) NOT NULL, Rolename Text (255) NOT NULL, ApplicationName Text (255) NOT NULL, CONSTRAINT PKUsersInRoles PRIMARY KEY (Username, Rolename, ApplicationName) ) */ namespace Samples.AspNet.Roles { public sealed class OdbcRoleProvider: RoleProvider { // // Global connection string, generic exception message, event log info. // private string eventSource = "OdbcRoleProvider"; private string eventLog = "Application"; private string exceptionMessage = "An exception occurred. Please check the Event Log."; private ConnectionStringSettings pConnectionStringSettings; private string connectionString; // // If false, exceptions are thrown to the caller. If true, // exceptions are written to the event log. // private bool pWriteExceptionsToEventLog = false; public bool WriteExceptionsToEventLog { get { return pWriteExceptionsToEventLog; } set { pWriteExceptionsToEventLog = value; } } // // System.Configuration.Provider.ProviderBase.Initialize Method // public override void Initialize(string name, NameValueCollection config) { // // Initialize values from web.config. // if (config == null) throw new ArgumentNullException("config"); if (name == null || name.Length == 0) name = "OdbcRoleProvider"; if (String.IsNullOrEmpty(config["description"])) { config.Remove("description"); config.Add("description", "Sample ODBC Role provider"); } // Initialize the abstract base class. base.Initialize(name, config); if (config["applicationName"] == null || config["applicationName"].Trim() == "") { pApplicationName = System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath; } else { pApplicationName = config["applicationName"]; } if (config["writeExceptionsToEventLog"] != null) { if (config["writeExceptionsToEventLog"].ToUpper() == "TRUE") { pWriteExceptionsToEventLog = true; } } // // Initialize OdbcConnection. // pConnectionStringSettings = ConfigurationManager. ConnectionStrings[config["connectionStringName"]]; if (pConnectionStringSettings == null || pConnectionStringSettings.ConnectionString.Trim() == "") { throw new ProviderException("Connection string cannot be blank."); } connectionString = pConnectionStringSettings.ConnectionString; } // // System.Web.Security.RoleProvider properties. // private string pApplicationName; public override string ApplicationName { get { return pApplicationName; } set { pApplicationName = value; } } // // System.Web.Security.RoleProvider methods. // // // RoleProvider.AddUsersToRoles // public override void AddUsersToRoles(string[] usernames, string[] rolenames) { foreach (string rolename in rolenames) { if (!RoleExists(rolename)) { throw new ProviderException("Role name not found."); } } foreach (string username in usernames) { if (username.Contains(",")) { throw new ArgumentException("User names cannot contain commas."); } foreach (string rolename in rolenames) { if (IsUserInRole(username, rolename)) { throw new ProviderException("User is already in role."); } } } OdbcConnection conn = new OdbcConnection(connectionString); OdbcCommand cmd = new OdbcCommand("INSERT INTO UsersInRoles " + " (Username, Rolename, ApplicationName) " + " Values(?, ?, ?)", conn); OdbcParameter userParm = cmd.Parameters.Add("@Username", OdbcType.VarChar, 255); OdbcParameter roleParm = cmd.Parameters.Add("@Rolename", OdbcType.VarChar, 255); cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName; OdbcTransaction tran = null; try { conn.Open(); tran = conn.BeginTransaction(); cmd.Transaction = tran; foreach (string username in usernames) { foreach (string rolename in rolenames) { userParm.Value = username; roleParm.Value = rolename; cmd.ExecuteNonQuery(); } } tran.Commit(); } catch (OdbcException e) { try { tran.Rollback(); } catch { } if (WriteExceptionsToEventLog) { WriteToEventLog(e, "AddUsersToRoles"); } else { throw e; } } finally { conn.Close(); } } // // RoleProvider.CreateRole // public override void CreateRole(string rolename) { if (rolename.Contains(",")) { throw new ArgumentException("Role names cannot contain commas."); } if (RoleExists(rolename)) { throw new ProviderException("Role name already exists."); } OdbcConnection conn = new OdbcConnection(connectionString); OdbcCommand cmd = new OdbcCommand("INSERT INTO Roles " + " (Rolename, ApplicationName) " + " Values(?, ?)", conn); cmd.Parameters.Add("@Rolename", OdbcType.VarChar, 255).Value = rolename; cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName; try { conn.Open(); cmd.ExecuteNonQuery(); } catch (OdbcException e) { if (WriteExceptionsToEventLog) { WriteToEventLog(e, "CreateRole"); } else { throw e; } } finally { conn.Close(); } } // // RoleProvider.DeleteRole // public override bool DeleteRole(string rolename, bool throwOnPopulatedRole) { if (!RoleExists(rolename)) { throw new ProviderException("Role does not exist."); } if (throwOnPopulatedRole && GetUsersInRole(rolename).Length > 0) { throw new ProviderException("Cannot delete a populated role."); } OdbcConnection conn = new OdbcConnection(connectionString); OdbcCommand cmd = new OdbcCommand("DELETE FROM Roles " + " WHERE Rolename = ? AND ApplicationName = ?", conn); cmd.Parameters.Add("@Rolename", OdbcType.VarChar, 255).Value = rolename; cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName; OdbcCommand cmd2 = new OdbcCommand("DELETE FROM UsersInRoles " + " WHERE Rolename = ? AND ApplicationName = ?", conn); cmd2.Parameters.Add("@Rolename", OdbcType.VarChar, 255).Value = rolename; cmd2.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName; OdbcTransaction tran = null; try { conn.Open(); tran = conn.BeginTransaction(); cmd.Transaction = tran; cmd2.Transaction = tran; cmd2.ExecuteNonQuery(); cmd.ExecuteNonQuery(); tran.Commit(); } catch (OdbcException e) { try { tran.Rollback(); } catch { } if (WriteExceptionsToEventLog) { WriteToEventLog(e, "DeleteRole"); return false; } else { throw e; } } finally { conn.Close(); } return true; } // // RoleProvider.GetAllRoles // public override string[] GetAllRoles() { string tmpRoleNames = ""; OdbcConnection conn = new OdbcConnection(connectionString); OdbcCommand cmd = new OdbcCommand("SELECT Rolename FROM Roles " + " WHERE ApplicationName = ?", conn); cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName; OdbcDataReader reader = null; try { conn.Open(); reader = cmd.ExecuteReader(); while (reader.Read()) { tmpRoleNames += reader.GetString(0) + ","; } } catch (OdbcException e) { if (WriteExceptionsToEventLog) { WriteToEventLog(e, "GetAllRoles"); } else { throw e; } } finally { if (reader != null) { reader.Close(); } conn.Close(); } if (tmpRoleNames.Length > 0) { // Remove trailing comma. tmpRoleNames = tmpRoleNames.Substring(0, tmpRoleNames.Length - 1); return tmpRoleNames.Split(','); } return new string[0]; } // // RoleProvider.GetRolesForUser // public override string[] GetRolesForUser(string username) { string tmpRoleNames = ""; OdbcConnection conn = new OdbcConnection(connectionString); OdbcCommand cmd = new OdbcCommand("SELECT Rolename FROM UsersInRoles " + " WHERE Username = ? AND ApplicationName = ?", conn); cmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username; cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName; OdbcDataReader reader = null; try { conn.Open(); reader = cmd.ExecuteReader(); while (reader.Read()) { tmpRoleNames += reader.GetString(0) + ","; } } catch (OdbcException e) { if (WriteExceptionsToEventLog) { WriteToEventLog(e, "GetRolesForUser"); } else { throw e; } } finally { if (reader != null) { reader.Close(); } conn.Close(); } if (tmpRoleNames.Length > 0) { // Remove trailing comma. tmpRoleNames = tmpRoleNames.Substring(0, tmpRoleNames.Length - 1); return tmpRoleNames.Split(','); } return new string[0]; } // // RoleProvider.GetUsersInRole // public override string[] GetUsersInRole(string rolename) { string tmpUserNames = ""; OdbcConnection conn = new OdbcConnection(connectionString); OdbcCommand cmd = new OdbcCommand("SELECT Username FROM UsersInRoles " + " WHERE Rolename = ? AND ApplicationName = ?", conn); cmd.Parameters.Add("@Rolename", OdbcType.VarChar, 255).Value = rolename; cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName; OdbcDataReader reader = null; try { conn.Open(); reader = cmd.ExecuteReader(); while (reader.Read()) { tmpUserNames += reader.GetString(0) + ","; } } catch (OdbcException e) { if (WriteExceptionsToEventLog) { WriteToEventLog(e, "GetUsersInRole"); } else { throw e; } } finally { if (reader != null) { reader.Close(); } conn.Close(); } if (tmpUserNames.Length > 0) { // Remove trailing comma. tmpUserNames = tmpUserNames.Substring(0, tmpUserNames.Length - 1); return tmpUserNames.Split(','); } return new string[0]; } // // RoleProvider.IsUserInRole // public override bool IsUserInRole(string username, string rolename) { bool userIsInRole = false; OdbcConnection conn = new OdbcConnection(connectionString); OdbcCommand cmd = new OdbcCommand("SELECT COUNT(*) FROM UsersInRoles " + " WHERE Username = ? AND Rolename = ? AND ApplicationName = ?", conn); cmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username; cmd.Parameters.Add("@Rolename", OdbcType.VarChar, 255).Value = rolename; cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName; try { conn.Open(); int numRecs = (int)cmd.ExecuteScalar(); if (numRecs > 0) { userIsInRole = true; } } catch (OdbcException e) { if (WriteExceptionsToEventLog) { WriteToEventLog(e, "IsUserInRole"); } else { throw e; } } finally { conn.Close(); } return userIsInRole; } // // RoleProvider.RemoveUsersFromRoles // public override void RemoveUsersFromRoles(string[] usernames, string[] rolenames) { foreach (string rolename in rolenames) { if (!RoleExists(rolename)) { throw new ProviderException("Role name not found."); } } foreach (string username in usernames) { foreach (string rolename in rolenames) { if (!IsUserInRole(username, rolename)) { throw new ProviderException("User is not in role."); } } } OdbcConnection conn = new OdbcConnection(connectionString); OdbcCommand cmd = new OdbcCommand("DELETE FROM UsersInRoles " + " WHERE Username = ? AND Rolename = ? AND ApplicationName = ?", conn); OdbcParameter userParm = cmd.Parameters.Add("@Username", OdbcType.VarChar, 255); OdbcParameter roleParm = cmd.Parameters.Add("@Rolename", OdbcType.VarChar, 255); cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName; OdbcTransaction tran = null; try { conn.Open(); tran = conn.BeginTransaction(); cmd.Transaction = tran; foreach (string username in usernames) { foreach (string rolename in rolenames) { userParm.Value = username; roleParm.Value = rolename; cmd.ExecuteNonQuery(); } } tran.Commit(); } catch (OdbcException e) { try { tran.Rollback(); } catch { } if (WriteExceptionsToEventLog) { WriteToEventLog(e, "RemoveUsersFromRoles"); } else { throw e; } } finally { conn.Close(); } } // // RoleProvider.RoleExists // public override bool RoleExists(string rolename) { bool exists = false; OdbcConnection conn = new OdbcConnection(connectionString); OdbcCommand cmd = new OdbcCommand("SELECT COUNT(*) FROM Roles " + " WHERE Rolename = ? AND ApplicationName = ?", conn); cmd.Parameters.Add("@Rolename", OdbcType.VarChar, 255).Value = rolename; cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = ApplicationName; try { conn.Open(); int numRecs = (int)cmd.ExecuteScalar(); if (numRecs > 0) { exists = true; } } catch (OdbcException e) { if (WriteExceptionsToEventLog) { WriteToEventLog(e, "RoleExists"); } else { throw e; } } finally { conn.Close(); } return exists; } // // RoleProvider.FindUsersInRole // public override string[] FindUsersInRole(string rolename, string usernameToMatch) { OdbcConnection conn = new OdbcConnection(connectionString); OdbcCommand cmd = new OdbcCommand("SELECT Username FROM UsersInRoles " + "WHERE Username LIKE ? AND RoleName = ? AND ApplicationName = ?", conn); cmd.Parameters.Add("@UsernameSearch", OdbcType.VarChar, 255).Value = usernameToMatch; cmd.Parameters.Add("@RoleName", OdbcType.VarChar, 255).Value = rolename; cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName; string tmpUserNames = ""; OdbcDataReader reader = null; try { conn.Open(); reader = cmd.ExecuteReader(); while (reader.Read()) { tmpUserNames += reader.GetString(0) + ","; } } catch (OdbcException e) { if (WriteExceptionsToEventLog) { WriteToEventLog(e, "FindUsersInRole"); } else { throw e; } } finally { if (reader != null) { reader.Close(); } conn.Close(); } if (tmpUserNames.Length > 0) { // Remove trailing comma. tmpUserNames = tmpUserNames.Substring(0, tmpUserNames.Length - 1); return tmpUserNames.Split(','); } return new string[0]; } // // WriteToEventLog // A helper function that writes exception detail to the event log. Exceptions // are written to the event log as a security measure to avoid private database // details from being returned to the browser. If a method does not return a status // or boolean indicating the action succeeded or failed, a generic exception is also // thrown by the caller. // private void WriteToEventLog(OdbcException e, string action) { EventLog log = new EventLog(); log.Source = eventSource; log.Log = eventLog; string message = exceptionMessage + "\n\n"; message += "Action: " + action + "\n\n"; message += "Exception: " + e.ToString(); log.WriteEntry(message); } } }
Convert To Entity Framework
If you wanna try this sample in EF you can user this class http://justpaste.it/k34
- 10/26/2011
- Selçuk Yavuz
Changes to System.Web.Security in .NET Framework 4
Extracted from: http://www.asp.net/learn/whitepapers/aspnet4/breaking-changes#0.1__Toc256770156
MembershipUser and Other Types in the System.Web.Security Namespace Have Been Moved
Some types that are used in ASP.NET membership have been moved from System.Web.dll
to the new System.Web.ApplicationServices.dll assembly. The types were
moved in order to resolve architectural layering dependencies between
types in the client and in extended .NET Framework SKUs.
Web site projects do not have problems as a result of moving these types, because System.Web.ApplicationServices.dll was added to the list of referenced assemblies that is used by default by the ASP.NET compilation system. If you upgrade a Web site project that was created using an earlier version of ASP.NET to ASP.NET 4 by opening it in Visual Studio 2010, the project will compile without errors.
Similarly, if you upgrade a Web application project that was created in an earlier version of ASP.NET to ASP.NET 4 by opening it in Visual Studio 2010, the upgrade process adds a reference to System.Web.ApplicationServices.dll to the project. Therefore, upgraded Web application projects will also compile without errors.
Compiled (binary) files that were created using earlier versions of
ASP.NET will also run without errors on ASP.NET 4, even though the
membership types were moved to a different assembly. Type forwarding
information has been added to the ASP.NET 4 version of System.Web.dll that automatically routes run-time references for these types to the new location for the types.
However, class libraries that use specific membership types and that have been upgraded from earlier versions of ASP.NET will fail to compile when used in an ASP.NET 4 project. For example, a class library project might fail to compile and report an error such as the following:
The type 'System.Web.Security.MembershipUser' is defined in an
assembly that is not referenced. You must add a reference to assembly
'System.Web.ApplicationServices, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35'.
The type name 'MembershipUser' could not be found. This type
has been forwarded to assembly 'System.Web.ApplicationServices,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'.
Consider adding a reference to that assembly.
You can work around this problem by adding a reference in your class library project to System.Web.ApplicationServices.dll.
The following list shows the System.Web.Security types that were moved from System.Web.dll to System.Web.ApplicationServices.dll:
- System.Web.Security.MembershipCreateStatus
- System.Web.Security.Membership.CreateUserException
- System.Web.Security.MembershipPasswordException
- System.Web.Security.MembershipPasswordFormat
- System.Web.Security.MembershipProvider
- System.Web.Security.MembershipProviderCollection
- System.Web.Security.MembershipUser
- System.Web.Security.MembershipUserCollection
- System.Web.Security.MembershipValidatePasswordEventHandler
- System.Web.Security.ValidatePasswordEventArgs
- System.Web.Security.RoleProvider
- System.Web.Configuration.MembershipPasswordCompatibilityMode
- 7/19/2011
- Sanjeewa Kalupahana
