SqlRoleProvider.FindUsersInRole Method
Assembly: System.Web (in system.web.dll)
public String[] FindUsersInRole ( String roleName, String usernameToMatch )
public override function FindUsersInRole ( roleName : String, usernameToMatch : String ) : String[]
Not applicable.
Parameters
- roleName
The role to search in.
- usernameToMatch
The user name to search for.
Return Value
A string array containing the names of all the users where the user name matches usernameToMatch and the user is a member of the specified role.| Exception type | Condition |
|---|---|
|
roleName is a null reference (Nothing in Visual Basic) (Nothing in Visual Basic). -or- usernameToMatch is a null reference (Nothing in Visual Basic). | |
|
roleName is an empty string or contains a comma. -or- usernameToMatch is an empty string. -or- roleName is longer than 256 characters. -or- usernameToMatch is longer than 256 characters. | |
|
roleName was not found in the database. -or- An unknown error occurred while communicating with the database. |
The FindUsersInRole method is called by the Roles class and returns a list of users in a role where the user name contains a match of the supplied usernameToMatch for the configured applicationName. The SqlRoleProvider searches for a user name that matches the usernameToMatch parameter value using the LIKE keyword and supports SQL Server wildcard characters. For example, if the usernameToMatch parameter is set to "user1", then membership information for the user with the user name of "user1" is returned, if it exists. If the usernameToMatch parameter is set to "user%", then membership information for users with the user name of "user1", "user2", "user_admin", and so on are returned.
The following code example uses the FindUsersInRole method to display role membership based on user input. For an example of a Web.config file that enables role management, see Roles.
Security Note: |
|---|
|
This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview (Visual Studio). |
<%@ Page Language="C#" %> <%@ Import Namespace="System.Web.Security" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <script runat="server"> string[] users; public void Page_Load() { if (!IsPostBack) { RolesListBox.DataSource = Roles.GetAllRoles(); RolesListBox.DataBind(); } } public void GoButton_OnClick(object sender, EventArgs args) { Msg.Text = ""; users = null; if (RolesListBox.SelectedItem == null) { Msg.Text = "Please select a role."; return; } users = Roles.FindUsersInRole(RolesListBox.SelectedItem.Text, UsernameTextBox.Text); if (users.Length < 1) { Msg.Text = "No matching users found in selected role."; } UserGrid.DataSource = users; UserGrid.DataBind(); } </script> <html xmlns="http://www.w3.org/1999/xhtml" > <head> <title>Sample: Find Users</title> </head> <body> <form id="form1" runat="server"> <h3>User List</h3> <asp:Label id="Msg" runat="Server" ForeColor="red" /> <table border="0" cellpadding="3" cellspacing="3"> <tr> <td valign="top">Role:</td> <td valign="top"><asp:ListBox id="RolesListBox" runat="Server" /></td> </tr> <tr> <td valign="top">Username to Search for:</td> <td valign="top"><asp:TextBox id="UsernameTextBox" runat="server" /></td> </tr> </table> <asp:Button id="GoButton" Text=" Go " OnClick="GoButton_OnClick" runat="server" /><br /> <asp:DataGrid id="UserGrid" runat="server" CellPadding="2" CellSpacing="1" Gridlines="Both"> <HeaderStyle BackColor="darkblue" ForeColor="white" /> </asp:DataGrid> </form> </body> </html>
Security Note: