How can user permissions be created?

fatih uyanık 80

Hello

A friend asked me. I wanted to write in case I might get a different suggestion.

Working on wpf project. In the project, there are users who log in to the system by entering a password at the beginning. What he wants to do is to assign roles to these users, such as admin, super admin and user. Then, when the administrator adds a user to the system or wants to give administrator permission, he needs to get permission from the super administrator. How to set up these groups, permissions and permissions scenario?

Thanks.

2 answers

Hui Liu-MSFT 38,251 Reputation points Microsoft Vendor

2023-05-18T09:13:51.1566667+00:00

Hi,@fatih uyanık. Welcome Microsoft Q&A.

For setting permissions such as administrators and ordinary users, you could refer to the solutions here and here. For each user, there is a permission option property, and the user's role can be changed by setting the value of the attribute.

If the response is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Please sign in to rate this answer.
fatih uyanık 80 Reputation points

2023-05-18T11:19:51.1266667+00:00

Hello

This is not the answer I was looking for. I want some information about user role management. How can I set these Permissions? Is there a class we can use for this? Or how can we create our own app?

Thanks.

Hui Liu-MSFT 38,251 Reputation points Microsoft Vendor

2023-05-19T09:24:06.7733333+00:00

Hi,@fatih uyanık. Not sure what your specific wants are. You could try to see if the sample code below is what you want. If yes, you can try to refer to it. If not, please show me some code that can reproduce your requirement and problem to reproduce the problem and analysis.

<Window.DataContext> <local:MainViewModel/> </Window.DataContext> <StackPanel> <StackPanel Orientation="Horizontal" Height="50"> <Button Content="Create" IsEnabled="{Binding IsCreateAllowed}" /> <Button Content="Edit" IsEnabled="{Binding IsEditAllowed}" /> <Button Content="Delete" IsEnabled="{Binding IsDeleteAllowed}" /> </StackPanel> </StackPanel>

Codebedhind:

public class MainViewModel : INotifyPropertyChanged { private User _currentUser; public bool IsCreateAllowed => AuthorizationService.HasPermission(_currentUser, Permission.Create); public bool IsEditAllowed => AuthorizationService.HasPermission(_currentUser, Permission.Edit); public bool IsDeleteAllowed => AuthorizationService.HasPermission(_currentUser, Permission.Delete); public MainViewModel() { } public event PropertyChangedEventHandler PropertyChanged; protected void OnPropertyChanged([CallerMemberName] string name = null) { PropertyChanged?.Invoke(this, new PropertyChangedEventArgs(name)); } } public static class AuthorizationWorkflow { public static void GrantAdminPermission(User grantingUser, User receivingUser) { if (AuthorizationService.CanGrantPermission(grantingUser.Role, receivingUser.Role)) { receivingUser.Role = UserRole.Admin; } else { // Display appropriate error message or handle the inability to grant permission } } public static void RevokeAdminPermission(User grantingUser, User receivingUser) { if (AuthorizationService.CanGrantPermission(grantingUser.Role, receivingUser.Role)) { receivingUser.Role = UserRole.User; } else { // Display appropriate error message or handle the inability to revoke permission } } } public static class AuthorizationService { private static List<Role> _roles = new List<Role>() { new Role { Name = UserRole.User, Permissions = new List<Permission>() }, new Role { Name = UserRole.Admin, Permissions = new List<Permission> { Permission.Create, Permission.Edit } }, new Role { Name = UserRole.SuperAdmin, Permissions = new List<Permission> { Permission.Create, Permission.Edit, Permission.Delete } } }; public static bool HasPermission(User user, Permission permission) { var role = _roles.FirstOrDefault(r => r.Name == user.Role); return role != null && role.Permissions.Contains(permission); } public static bool CanGrantPermission(UserRole grantingUserRole, UserRole receivingUserRole) { var grantingRole = _roles.FirstOrDefault(r => r.Name == grantingUserRole); var receivingRole = _roles.FirstOrDefault(r => r.Name == receivingUserRole); return grantingRole != null && receivingRole != null && grantingRole.Name == UserRole.SuperAdmin && receivingRole.Name != UserRole.SuperAdmin; } } public enum Permission { Create, Edit, Delete } public enum UserRole { User, Admin, SuperAdmin } public class User { public string Username { get; set; } public UserRole Role { get; set; } } public class Role { public UserRole Name { get; set; } public List<Permission> Permissions { get; set; } }

Hui Liu-MSFT 38,251 Reputation points Microsoft Vendor

2023-05-26T03:06:00.16+00:00

Hi,@fatih uyanık. Did my solution help you? Has your problem been solved? If solved, it would be really appreciated if you share your solution here.

fatih uyanık 80 Reputation points

2023-05-26T07:10:10.1933333+00:00

Hello

Login to the application with a login form by entering a user name and password. I know it's not very safe that way. Can I use the WindowsPrincipal class at this point?

As far as I know, System.Web.Security.Roles class is also valid in web applications. I guess we can't use it in wpf application. I would like your suggestions on this matter. Finally, it would be correct to apply the special work written above.

Hui Liu-MSFT 38,251 Reputation points Microsoft Vendor

2023-05-26T08:18:33.3633333+00:00

Hi,@fatih uyanık. In a WPF application, you typically don't have access to the System.Web.Security.Roles class, as it is part of the ASP.NET framework and primarily used for web applications. You could try use the System.Security.Principal.WindowsPrincipal class to check the user's Windows authentication in a desktop application. The WindowsPrincipal class represents the Windows user associated with the current thread. It allows you to check the user's roles and perform role-based authorization. You can use it to verify the user's credentials and restrict access to certain functionality or resources based on their role.

It relies on Windows authentication and requires valid Windows credentials.

For custom user authentication or scenarios where you want to securely store user credentials, it is recommended that you implement a different authentication mechanism for your application, such as username/password authentication using secure storage or integrating with an identity provider.

fatih uyanık 80 Reputation points

2023-05-26T08:25:51.8866667+00:00

Hello

Can you show an example of a custom authentication where login with username and password can be done?

Frankly, when I use Windows authentication, when I click directly on the application, it will open without a password and will open or not open according to the user group on the windows?

Thanks.

Hui Liu-MSFT 38,251 Reputation points Microsoft Vendor

2023-05-26T09:12:54.38+00:00

Hi,@fatih uyanık. For user authentication or scenarios, it needs to be set according to the specific situation.

For Windows authentication, when you enable Windows authentication for your WPF application, it will rely on the current Windows user's credentials for authentication. If the user is already logged in to Windows and belongs to the authorized user group specified in your application's authorization settings, they will be granted access without requiring a separate password. Otherwise, they will be denied access. Windows authentication leverages the underlying Windows security infrastructure and is typically used in enterprise environments where user accounts and group memberships are managed by Active Directory or a similar system.

fatih uyanık 80 Reputation points

2023-05-26T09:44:35.96+00:00

Hello

What would you recommend for a scenario like login with username and password? Should GenericIdentity be used for this? Do you have a different suggestion?

Thanks.

Hui Liu-MSFT 38,251 Reputation points Microsoft Vendor

2023-05-29T01:49:53.0033333+00:00

Hi,@fatih uyanık. In a WPF application, for implementing a login scenario with username and password, you could use the GenericIdentity and GenericPrincipal classes from the System.Security.Principal namespace, which are more appropriate for desktop applications. I don't have other recommendations.

Hui Liu-MSFT 38,251 Reputation points Microsoft Vendor

2023-06-02T08:14:02.56+00:00

Hi,@fatih uyanık.Is there any update to the question? Did my answer solve your problem? If so, you could accept it as the answer. It's helpful for community members with related questions.
Sign in to comment
don bradman 621 Reputation points

2023-05-18T13:28:04.7933333+00:00
To set up user roles, you can use the System.Web.Security.Roles class. This class provides methods for creating, deleting, and managing roles. You can create roles using the Roles.CreateRole method and delete roles using the Roles.DeleteRole method. You can also add users to roles using the Roles.AddUserToRole method and remove users from roles using the Roles.RemoveUserFromRole method.

Example:

if (!Roles.RoleExists("Admin")) { Roles.CreateRole("Admin"); }

To set up permissions, you can use the System.Security.Principal.WindowsPrincipal class. This class provides methods for checking whether a user has a specific permission. You can use the WindowsPrincipal.IsInRole method to check whether a user is in a specific role.

Example:

WindowsPrincipal principal = new WindowsPrincipal(WindowsIdentity.GetCurrent()); if (principal.IsInRole("Admin")) { // User has admin permission }

To set up permission scenarios, you can use a combination of user roles and permissions. For example, you can create a "Super Admin" role and only allow users in that role to add new users or give administrator permission. You can also use the WindowsPrincipal.IsInRole method to check whether a user is in the "Super Admin" role before allowing them to perform these actions.

Example:

WindowsPrincipal principal = new WindowsPrincipal(WindowsIdentity.GetCurrent()); if (principal.IsInRole("Super Admin")) { // User has super admin permission }

You can also use the AuthorizeAttribute class to restrict access to specific actions or controllers based on user roles. This class allows you to specify which roles are allowed to access a particular action or controller.

Example:

[Authorize(Roles = "Admin")] public ActionResult AddUser() { // Only users in the "Admin" role can access this action }
Please sign in to rate this answer.

0 comments No comments
Sign in to comment