How to add a Login, Roles and Profile system to an ASP.NET 2.0 app in only 24 lines of code: ASP Alliance

Print Add To Favorites Email To Friend Rate This Article
How to add a Login, Roles and Profile system to an ASP.NET 2.0 app in only 24 lines of code

page 5 of 7

by Scott Guthrie
Feedback

Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 33646/ 54

Article Contents:

Next Step: Displaying User Profile Data

The only other page in this scenario that required me to add code was the MyProfile.aspx page. This page looks like this:

Figure 4

The page itself was pretty simple to implement. I simply added a few asp:label controls on the page, as well a listbox for the roles. Populating these controls with the profile and role information involved added a Page_Load event with 7 lines of code like so:

Listing 5

protected void Page_Load(object sender, EventArgs e) {
   Country.Text = Profile.Country;
   Gender.Text = Profile.Gender;
   Age.Text = Profile.Age.ToString();
   RoleList.DataSource = Roles.GetRolesForUser(User.Identity.Name);
   RoleList.DataBind();
}

Note that the profile object is strongly typed – which means profile properties will get statement completion and compilation checking in VS 2005 with it. I can also then query the role management system to retrieve an array of all the roles the current user belongs to and then databind this to the listbox control.

Since the MyProfile.aspx page requires a user to be logged in (otherwise retrieving profile information about them doesn’t make a lot of sense), I also added a <location> based authorization control tag in my web.config file:

Listing 6

<location path="MyProfile.aspx">
   <system.web>
      <authorization>
            <deny users="?"/>
            <allow users="*"/>
 
      </authorization>
   </system.web>
</location>

This is the same configuration I would have added in ASP.NET V1.1 – and basically tells the system to deny all users who aren’t logged in (the ? = anonymous), and then allow all users who are logged in (the * = all).

Those who aren’t logged in will get automatically re-directed to the login.aspx page. The <asp:login> control can be used there to allow users who have already registered to log-in without the developer having to write any custom code.

« (Page 4)

View Entire Article

(Page 6) »

User Comments

Title: Thanks for the TRICK
Name: Ankit Singhal
Date: 2009-12-20 3:05:23 PM
Comment:
Thanks a lot for such a wonderful idea.. it worked for me when used CreatedUser and FinishButtonClick Events in place of the Events u suggested. Great Idea. God Bless you :-)

Title: problem!!!!!
Name: avinash
Date: 2008-04-07 4:01:15 AM
Comment:
this code works fine with me in a public authorization folder! i need this code to make only role "admin" can create accounts so i placed it in a folder with admins only authorized! but the problem is that t creates the account but don't assign any role!! can any body help with this ?

Title: Roles
Name: Hossam
Date: 2007-07-11 3:47:45 AM
Comment:
this code works fine with me in a public authorization folder! i need this code to make only role "admin" can create accounts so i placed it in a folder with admins only authorized! but the problem is that t creates the account but don't assign any role!! can any body help with this ?

Title: next step
Name: dupls
Date: 2007-03-21 1:29:34 PM
Comment:
Is there any tutorial out there that will take this to the next level and place those details into another table in the database?

I've followed Scott through a zillion sites he is truly amazing. Very helpful code!

Title: Ruler of the Universe
Name: Rick
Date: 2007-03-08 7:39:47 PM
Comment:
Not too many comments here, but I think this is a fantastic soution. Thank you for sharing with us, Scott.

Title: Mr
Name: Pilling
Date: 2006-11-14 11:17:50 AM
Comment:
Anyone have the rolls bit in vb?

Product Spotlight