Web.config role provider

Store roles in web.config. Convenient for smaller web applications, role management on development setups or other scenarios where it's not possible/practical to use the SQL Server Role Provider.

Features

  • Roles stored in web.config. Fast to set up, easy to deploy.
  • Supports external configuration files.
  • Intellisense in Visual Studio with included schema.
  • HttpHandler for assigning users to roles (can be used with other role providers as well).
  • Can easily be extended with other storage mediums such as plain xml or databases.

Configuration

  • Copy the dll to the bin directory or your app.
  • Add this element to the config tag in web.config:  <section name="WebConfigRoleProvider" type="WebConfigRoleProvider.Core.ConfigurationSection"/>
  • Set the role provider for you app in configuration -> system.web:
<configuration>
...
  <system.web>
    <roleManager enabled="true" defaultProvider="WebConfigRoleProvider"> 
      <providers> 
        <add name="WebConfigRoleProvider" type="WebConfigRoleProvider.Core.WebConfigRoleProvider"/> 
      </providers> 
    </roleManager>
...
  </system.web>
</configuration>
  • Configure roles in web.config in the configuration tag:
<configuration>
...
<WebConfigRoleProvider> 
  <roles> 
    <add name="role1" users="user1, user2, user3, xxx" /> 
    <add name="role2" users="user1, user3" /> 
  </roles> 
</WebConfigRoleProvider> 
...
</configuration>

Setting up users in web.config

Both users managed with the Membership provider and users hardcoded into web.config are supported.

<configuration>
...
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/login.aspx" ... >
        <credentials>
          <user name="User1" password="pass"/>
          <user name="User2" password="pass"/>
          <user name="User3" password="pass"/>
        </credentials>
      </forms>
    </authentication>
...
  </system.web>
</configuration>

Using the HttpHandler

  • Add this tag to the configuration -> sytstem.web -> HttpHandlers section in web.config: <add verb="GET" path="usersroles.ashx" type="WebConfigRoleProvider.Core.UsersRolesMatrixHttpHandler"/>
  • Load the page in a browser, http://yoursite/usersroles.ashx.

IMPORTANT: Disable the HttpHandler when deploying to a live environment, or at least require autentication to access it.

Enabling Intellisense

Save the WebConfigRoleProvider.xsd schema somewhere on your workstation. VS2008 keeps its schemas in C:\Program Files\Microsoft Visual Studio 9.0\Xml\Schemas\, you could use the same location. Open your web.config and see the properties. Click the elipsis for the "Schemas" property and select the schema.

Using an external config file

Like most other elements in web.config, you can chose to keep the roles in a separate config file to reduce the clutter in web.config.
Add a configSource attribute the WebConfigRoleProvider element in web.config: <WebConfigRoleProvider configSource="roles.config">

The content of the config file follows the same syntax, and you can also enable the same intellisense with the schema.
Sample:
<?xml version="1.0"?> 
<WebConfigRoleProvider> 
  <roles> 
    <add name="role1" users="user1, user2, user3, xxx" /> 
   <add name="role2" users="user2, user3" /> 
  </roles> 
</WebConfigRoleProvider> 

Background and some interesting notes on the project

I often found myself in situations where using the SQL Server RoleProvider seemed like overkill. And I always thought it was a bit peculiar you could set up users for the website in web.config, but there was no "out-of-the-box" way to use Roles.
It's especially convenient for scenarios where you just want to get up and running quickly. Once the app reaches live deployment, the Role provider can be replaced with a SQL Server version or similar "production grade" provider.
The iRoleProvider implementation follows the guidelines found on MSDN: http://msdn.microsoft.com/en-us/library/8fw7xh74.aspx.

The HttpHandler

The HttpHandler started out as simple way to do testing, but eventually turned into a nice little utility to manage users and roles. You may find it even more practical to use than the standard ASP.NET Configuration pages.
It uses an included resource, the UsersRolesMatrixTemplate.htm file, which contains two "placeholders". If you modify the template, please note your changes are only available after the project has been recompiled.
It also uses jQuery (hosted on the Microsoft.com CDN) and the HTML generated is very lean and basic. It's amazing what kind of functionality you can achieve with a few lines of jQuery magic... Check it out, it's pretty neat.

Last edited Feb 22, 2010 at 2:17 AM by JakobG, version 7