3/05/2011

How to write your custom role provider in ASP.NET : Role provider for oracle

Did you ever have to get the user membership information / Role information from a custom table in a database other than ASPNET SQL db ... Something like you want to get the information about user role from a userinfo procedure !!

There are two primary reasons that might make you look at creating a custom role provider.

* You need to store role information in a data source that is not supported by the role providers included with the .NET Framework, such as a teradata database, an Oracle database etc...

* You need to manage role information using a database schema that is different from the database schema used by the providers that ship with the .NET Framework. E,g May be your company uses a custom schema for role authorization..

So how difficult is it to write your own custom role provider in ASP.NET ??

Believe me its as easier as drinking a glass of water :)....A Custom RoleProvider inherits from the abstract base class RoleProvider and has a number of optional methods and properties that can be overrriden.

Follow the steps below to create your own custom role provider !!

1. Add a new class to your project and name it as Something like "CustomRoleProvider".
2. Make sure you inherit the class from Abstract class Role Provider.


public class CustomRoleProvider : RoleProvider
{
///
/// This method will override the getrolesforuser method in roleprovider and do the custom implementation
///

///
///
public override string[] GetRolesForUser(string username)
{

List<string> roles = new List<string>();
//Write your own implementation and add roles returned by your methond to role array
return roles.ToArray();
}

public override void AddUsersToRoles(string[] usernames, string[] roleNames)

{
throw new NotImplementedException();
}

}

You can choose the methods for which you want to implement in the role provide class. Now your Custom role provider class is ready. Now you need to modify your web.config.

3, You need to enable the custom role provider and let your application know that the Custom role provider is its default role provider. So please add the following section to your web.config in <system.web> section.


<roleManager enabled="true" defaultProvider="RapidRoleProvider" cacheRolesInCookie="true"
cookieName="AppRoles"
cookieTimeout="20"
cookiePath="/"
cookieRequireSSL="false"
cookieSlidingExpiration="true"
cookieProtection="All">

<providers>
<clear/>
<add name="RapidRoleProvider" type="CustomeRoleProvider"/>
providers>
roleManager>

If you are using namespace in your web application, make sure you give full directive of the class location in type ... Namespace.ClassName ....

You can see that we are caching the roles in a protected cookie which expires periodically. Once you set Cacherolesincookie = true , your role provider will not reach your datbase everytime user requests for a resource. Instead it checks in the cookie and fetches the result fastly. The advantage is the improvement in performance of the application.

4. Now you are done with your custom role provider and you are ready to use it.. Lets make a small test using declarative security attributes. Lets take some page which is only accessible to user role "Normal".

[PrincipalPermission(SecurityAction.Demand, Role = "Normal")]

public partial class Default : System.Web.UI.Page

{

// ...

}


When a user tries to access the above page, the GetRolesForUser Method in CustomRoleProvider will be called to verify the user is assigned to the “Normal” Role. If so, the page works fine. If not, a SecurityException will be thrown, not allowing the page to be viewed.

Now your role provider works fine.So you can enable security trimming on your sitemap and implement role based security in your application.

If you have any doubts / Questions, please feel free to leave your comment.

Need more asp.net tips and tricks ? For more Subscribe here or click here to get updates via email

EESJ9D5YMRCC


5 comments:

I want to read more about it, I want to to read a little bit more about , programing files are so good.If blog author can reply for someone's comment follow his comment, I think it is really cool.

ASP.NET comes with a few built-in providers, like SqlRoleProvider, but it is just as easy to role your own.

It took me days before I mastered this CustomRoleProvide. I watched several videos and read different blogs to learn this thing. I'm glad you made a tutorial post on this one.

The Beats Tour has the accustomed http://www.monstersbeatbydres.us/power-beats.html 20hz to 20,000 khz aggregate response. 20hz appears a little bit ample for an earbud that states for accepting a “good reproduction of hip hop”. On the accustomed agenda the Monster Dre Beats Sale abate account the abundant bigger the bass. From advice 14hz could possibly be the optimal value. However, the Beats Tour earbuds accept an amazing disciplinarian design. As quoted abroad from your Tour’s aspect list: “Large, high-efficiency motorists acquiesce you crank it up and acknowledge loud authority out after any sound- accident distortion. “Driver allocation is amidst apparently the a lot of acute apparatus to appearance up for if affairs earbuds (especially if you in fact acquaintance for just about any superb bass response). because of the tiny size, earbuds on the accustomed agenda accept http://www.monstersbeatbydres.us/blog/ characterless drivers. The Tour earbuds accompaniment ample drivers, and centered abreast to the favorable chump response, it appears the ample motorists allocation produces up to the characterless aggregate response.

Post a Comment