Sample Role-Provider Implementation

Describes the sample role provider and the supported data-source schema.

The following topics include the code for a sample role-provider implementation. The sample provider uses the .NET Framework Data Provider for ODBC to connect to an ODBC data source. The sample uses an Access database as its data source.

This topic describes how to implement the sample role provider and configure an ASP.NET application to use the sample provider.

Note

Because data sources differ in SQL syntax, some commands will work with one data source and not with another. Therefore, you should create a role provider specific to your data source, for example, SybaseProfileProvider or OracleProfileProvider, even if you are using the .NET Framework Data Provider for ODBC or the .NET Framework Data Provider for OLEDB to access your data source.

To view the code for the sample provider, see How to: Sample Role-Provider Implementation.

Database Schema

The sample role provider uses two database tables to manage role information: a Roles table that contains role names and application names, and a UsersInRoles table that is used to associate a user name with a role name for an application.

To create the Access tables used by the sample provider, issue the following data-definition queries in a new or existing Access database.

CREATE TABLE Roles
(
  Rolename Text (255) NOT NULL,
  ApplicationName Text (255) NOT NULL,
    CONSTRAINT PKRoles PRIMARY KEY (Rolename, ApplicationName)
)

CREATE TABLE UsersInRoles
(
  Username Text (255) NOT NULL,
  Rolename Text (255) NOT NULL,
  ApplicationName Text (255) NOT NULL,
    CONSTRAINT PKUsersInRoles PRIMARY KEY (Username, Rolename, ApplicationName)
)

Event Log Access

If the sample provider encounters an exception when working with the data source, it writes the details of the exception to the Application Event Log instead of returning the exception to the ASP.NET application. This is done as a security measure to avoid exposing private information about the data source in the ASP.NET application.

The sample provider specifies an event Source of "OdbcRoleProvider". Before your ASP.NET application will be able to write to the Application Event Log successfully, you will need to create the following registry key.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\OdbcRoleProvider

If you do not want the sample provider to write exceptions to the event log, then you can set the writeExceptionsToEventLog attribute to false in the Web.config file.
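
As an added example (not the sample provider's own code), the following shows the pattern for one lookup against the Roles table: the full ODBC exception is logged under the "OdbcRoleProvider" source and the caller receives only a generic ProviderException. The RoleLookup class, its constructor parameters, and the behavior when writeExceptionsToEventLog is false (rethrowing the original exception) are assumptions made for illustration.

```csharp
using System;
using System.Configuration.Provider;
using System.Data.Odbc;
using System.Diagnostics;

// Added illustration: RoleLookup is a hypothetical class, not part of the sample provider.
public sealed class RoleLookup
{
    private const string EventSource = "OdbcRoleProvider"; // event source named in this topic

    private readonly string connectionString;   // for example "DSN=RolesDSN;"
    private readonly string applicationName;
    private readonly bool writeExceptionsToEventLog;

    public RoleLookup(string connectionString, string applicationName, bool writeExceptionsToEventLog)
    {
        this.connectionString = connectionString;
        this.applicationName = applicationName;
        this.writeExceptionsToEventLog = writeExceptionsToEventLog;
    }

    public bool RoleExists(string rolename)
    {
        try
        {
            using (var conn = new OdbcConnection(connectionString))
            using (var cmd = new OdbcCommand(
                "SELECT COUNT(*) FROM Roles WHERE Rolename = ? AND ApplicationName = ?", conn))
            {
                // ODBC binds parameters by position, so add them in placeholder order.
                cmd.Parameters.Add("@Rolename", OdbcType.VarChar, 255).Value = rolename;
                cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = applicationName;
                conn.Open();
                return Convert.ToInt32(cmd.ExecuteScalar()) > 0;
            }
        }
        catch (OdbcException e)
        {
            // Assumption: with logging disabled, the original exception is rethrown unchanged.
            if (!writeExceptionsToEventLog) throw;

            // Driver text, SQL state and stack trace stay in the server's Application log.
            EventLog.WriteEntry(EventSource, "RoleExists failed:\n\n" + e, EventLogEntryType.Error);

            // The ASP.NET application sees nothing about the data source.
            throw new ProviderException("An exception occurred. Please check the Event Log.");
        }
    }
}
```

If the event source has not been registered, EventLog.WriteEntry attempts to create it, which the ASP.NET worker account normally lacks permission to do; that is why the registry key above must be created beforehand.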

Building the Sample Provider

In order to use the sample provider, you can place your source code in the App_Code directory of your application. Note that if you already have source code in the App_Code directory of your application, you must add the version of the sample provider that is written in the same language as the existing code in the directory. The provider will be compiled by ASP.NET when your application is requested.

You can also compile the sample provider as a library and place it in the Bin directory of your Web application, or strongly name it and place it in the GAC. The following commands show how to compile the sample provider using the Visual Basic and C# command-line compilers.

vbc /out:OdbcRoleProvider.dll /t:library OdbcRoleProvider.vb /r:System.Web.dll /r:System.Configuration.dll
csc /out:OdbcRoleProvider.dll /t:library OdbcRoleProvider.cs /r:System.Web.dll /r:System.Configuration.dll

Using the Sample Provider in an ASP.NET Application

The following example shows the Web.config file for an ASP.NET application configured to use the sample provider. The example uses an ODBC DSN named "RolesDSN" to obtain connection information for the Access database. To use the sample provider, you will need to either create the "RolesDSN" System DSN or supply a valid ODBC connection string to your database.

The example configuration assumes that your Web site is set up to use forms authentication and includes an ASP.NET page called login.aspx that allows users to log in.

<configuration>
  <connectionStrings>
    <add name="OdbcServices" connectionString="DSN=RolesDSN;" />
  </connectionStrings>

  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="login.aspx"
        name=".ASPXFORMSAUTH" />
    </authentication>

    <authorization>
      <deny users="?" />
    </authorization>

    <roleManager defaultProvider="OdbcRoleProvider" 
      enabled="true"
      cacheRolesInCookie="true"
      cookieName=".ASPROLES"
      cookieTimeout="30"
      cookiePath="/"
      cookieRequireSSL="false"
      cookieSlidingExpiration="true"
      cookieProtection="All" >
      <providers>
        <clear />
        <add
          name="OdbcRoleProvider"
          type="Samples.AspNet.Roles.OdbcRoleProvider"
          connectionStringName="OdbcServices" 
          applicationName="SampleApplication" 
          writeExceptionsToEventLog="false" />
      </providers>
    </roleManager>

  </system.web>
</configuration>
