Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Moving Security Concerns to Data Access Layer

Tags:

c#

asp.net-mvc

asp.net-mvc-4

I am moving all of the Authentication and Security concerns into my Data Access Layer on an ASP.NET MVC4 Internet Application. Everything is fine for logging in, logging out, creating users etc but I am hitting a stumbling block with adding users to roles.

After Creating a user account I want to add them to some default roles. The method for doing so looks like this

public static string CreateUserAccount(string username, string password)
{
    WebSecurity.CreateUserAndAccount(username, password);
    var roleProvider = new SimpleRoleProvider();
    roleProvider.AddUsersToRoles(new[] {username}, new[] {"MeterInfo", "SiteInfo", "AMRInfo", "InstallImages"});
    return username + " Account Created";
}

The call to WebSecurity for creating the account is OK, but my use of SimpleRoleProvider causes this error

You must call the "WebSecurity.InitializeDatabaseConnection" method before you call any other method of the "WebSecurity" class. This call should be placed in an _AppStart.cshtml file in the root of your site.

The InitializeDatabaseConnection is already handled in the AuthConfig which is called on startup by global.asax.

AssetRegisterDataLayer.DataAccess.Security.InitializeSecurity();

The method being called on my DataAccess layer looks like this

public static void InitializeSecurity()
{
    WebSecurity.InitializeDatabaseConnection("AssetRegisterDb","UserProfile","UserId","UserName", false);   
}

I have seen this issue happen when people use the out of the box config for MVC4 where the Accounts controller is decorated with the [InitializeSimpleMembership] attribute instead of calling the WebSecurity initializer at application start, but that is not the case here. Anyone know why all the WebSecurity works except roles?

Thanks very much

like image 445
Lotok Avatar asked Apr 26 '26 23:04

Lotok

1 Answers

I have found my mistake, I will answer my own question in case someone else has a similar issue.

The error in the code shown in my question was instantiating a new SimpleRoleProvider. I should have done this

public static string CreateUserAccount(string username, string password)
{
    WebSecurity.CreateUserAndAccount(username, password);
    var roleProvider = (SimpleRoleProvider)Roles.Provider;
    roleProvider.AddUsersToRoles(new[] {username}, new[] {"MeterInfo", "SiteInfo", "AMRInfo", "InstallImages"});
    return username + " Account Created";
}
like image 138
Lotok Avatar answered Apr 29 '26 14:04

Lotok
Sign in to Comment

Related questions

Can a C# custom attribute be evaluated at compile time?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!