Application Architecture - Registration and Administrator Management

I do not know if these are suitable questions. However, this is happening here.

I am currently working on a project for a client, razor ASP.NET 4.5 MVC4. It is basically a web store for its customers who register an account and order products from their catalogs for use at events they host. Clients must register for events created by my clients to place orders. The site has an administrator portal where they will register and create, manage and update events, orders and users. How to do this is not my question. My question is:

How can I register administrators?! What process did you use? I do not think that a hard-coded password is good, and I'm sure I want to separate it from the usual user registration. I plan to use SimpleMembership. I mean, an existing administrator can create administrator accounts, but what about the first administrator account? A chicken or an egg? Does that make sense?

EDIT: I did a lot of homework on this, I mean that I can manually add the administrator role to webpages_Roles and manually add it to the first administrator, and subsequent administrators added this role as the administrator, but the first couple of steps sounds a bit hacky.

+4
1 answer

As you say in the EDIT part, you must first add the administrator account manually. After that, you can simply provide the Admin role to any registered user, like this:

 Roles.AddUserToRole(model.UserName, "Admin"); 

If you want your administrators to be completely separate from other users, you must place the user role for regular users and not allow administrators to have this role.

So, just add the above code to the Register action method of AccountController.cs:

    [HttpPost]
    [Authorize(Roles="A, Personnels")]
    [ValidateAntiForgeryToken]
    public ActionResult Register(RegisterModel model)
    {
        if (ModelState.IsValid)
        {
            // Attempt to register the user
            try
            {
                WebSecurity.CreateUserAndAccount(model.UserName, model.Password);
                Roles.AddUserToRole(model.UserName, "User"); // Add this line here...
                WebSecurity.Login(model.UserName, model.Password);
                return RedirectToAction("Index", "Home");
            }
            catch (MembershipCreateUserException e)
            {
                ModelState.AddModelError("", ErrorCodeToString(e.StatusCode));
            }
        }

        // If we got this far, something failed, redisplay form
        return View(model);
    }

And take responsibility for creating administrator accounts yourself, or let them register as regular users and do the following [The first approach is recommended]:

    Roles.RemoveUserFromRole(model.UserName, "User");
    Roles.AddUserToRole(model.UserName, "Admin");

That's all...

+1
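One way to handle the first-administrator problem discussed above without a hard-coded password or hand-edited role tables is an idempotent startup seed; this is an added example, not code from the question or the answer. The class name, the `BootstrapAdminUser` app setting, the `BOOTSTRAP_ADMIN_PASSWORD` environment variable, and the `DefaultConnection`/`UserProfile` names (taken from the default MVC4 template) are assumptions.

```csharp
using System;
using System.Configuration;
using System.Web.Security;
using WebMatrix.WebData;

// Hypothetical helper: call AdminBootstrap.EnsureFirstAdmin() once from
// Application_Start in Global.asax.cs.
public static class AdminBootstrap
{
    private const string AdminRole = "Admin";
    private const string UserRole = "User";

    public static void EnsureFirstAdmin()
    {
        // Assumed connection string and table names (default MVC4 template).
        if (!WebSecurity.Initialized)
        {
            WebSecurity.InitializeDatabaseConnection(
                "DefaultConnection", "UserProfile", "UserId", "UserName",
                autoCreateTables: true);
        }

        // Create the roles in code instead of editing webpages_Roles by hand.
        foreach (var role in new[] { AdminRole, UserRole })
        {
            if (!Roles.RoleExists(role)) Roles.CreateRole(role);
        }

        // Seed only while the Admin role is empty, so restarts are no-ops.
        if (Roles.GetUsersInRole(AdminRole).Length > 0) return;

        // The secret comes from the deployment environment, never from source.
        string userName = ConfigurationManager.AppSettings["BootstrapAdminUser"];
        string password = Environment.GetEnvironmentVariable("BOOTSTRAP_ADMIN_PASSWORD");
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
            throw new InvalidOperationException(
                "No administrator exists and the bootstrap settings are missing.");

        // Refuse to promote an account that already exists: it may have been
        // self-registered through the public form with an unknown password.
        if (WebSecurity.UserExists(userName))
            throw new InvalidOperationException(
                "Bootstrap user name is already taken; resolve this manually.");

        WebSecurity.CreateUserAndAccount(userName, password);
        Roles.AddUserToRole(userName, AdminRole); // Admin only, no User role.
    }
}
```

Once the first administrator has signed in and changed the password, remove the environment variable. SimpleMembership should be initialized in one place only, so a project that still uses the template's lazy initializer filter needs that filter dropped.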

Source: https://habr.com/ru/post/1496365/

