A Roles Provider interfaces with a data store that contains information mapping users to roles, and provides methods for creating and deleting roles, adding users to roles, and more. The role manager relies on the Roles Provider, given a username, to determine what role or roles the user belongs to. Table 9-3 shows the methods required by DotNetNuke to implement a custom Roles Provider.
Method | Description |
---|---|
CreateRole | Creates a single role. |
DeleteRole | Deletes a single role. |
GetRole | Returns a single role. There are two methods: one uses RoleName and the other uses RoleID. |
GetRoleNames | Returns all the role names a single user belongs to. |
GetRoles | Returns a list of all roles used in a single portal. |
UpdateRole | Updates a single role. |
AddUserToRole | Adds a single user to a role. |
GetUserRole | Returns a user/role object. |
GetUserRoles | Returns a list of roles a single user belongs to. There are two methods: one uses UserID and the other uses RoleName and UserName. |
GetUsersByRoleName | Returns a list of users who belong to a role, retrieved using RoleName (as User objects). |
GetUserRolesByRoleName | Returns a list of users who belong to a role, retrieved using RoleName (as UserRole objects). |
RemoveUserFromRole | Removes a user from a role. |
UpdateUserRole | Updates a user/role object. |
Listing 9-5 shows the default AspNet Roles Provider property set used in a standard DotNetNuke install. It is contained in the web.config file's memberrolesprototype section. Unlike the Membership Provider, it is not necessary to gather properties from here. You could, however, have properties here for use in your own custom Roles Provider, but doing so would require you to gather the value for these properties from within the Business Logic Layer of your custom provider code.
Listing 9-5: AspNet Roles Provider Set in web.config
<roleManager cacheRolesInCookie="true" cookieName=".ASPXROLES" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" createPersistentCookie="false" cookieProtection="All"> <providers> <add name="DNNSQLRoleProvider" type= "DotNetNuke.Security.Membership.AspNetSqlRoleProvider, DotNetNuke.Provider.AspNetProvider" connectionStringName= "SiteSqlServer" applicationName="/" description="Stores and retrieves roles data from the local Microsoft SQL Server database" /> </providers> </roleManager>
Again, as mentioned in the Membership Provider section, if you are creating your own concrete roles provider, you may need to create your own concrete membership provider. Of course, this depends on your implementation. Listing 9-6 shows the AddUserToRole method from the AspNet concrete provider code located in the AspNetRoleProvider.vb file.
Listing 9-6: AddUserToRole Method in the Concrete AspNet Roles Provider
Public Overrides Function AddUserToRole(ByVal portalId As Integer, ByVal user As UserInfo, ByVal userRole As UserRoleInfo) As Boolean Dim createStatus As Boolean = True 'Set Application Name SetApplicationName(portalId) Try 'Add UserRole to DNN userRole = AddDNNUserRole(userRole) 'Add UserRole to AspNet AspNetSecurity.Roles.AddUserToRole(user.Membership.Username, userRole.RoleName) Catch ex As Exception 'Clear User (duplicate User information) userRole = Nothing createStatus = False End Try Return createStatus End Function
In this listing, the method first makes a call to the SetApplicationName method, which is located within the same file. This is required by this concrete provider and may not be necessary in your own implementation. Next, another private method is called that adds the user to DotNetNuke's UserRoles table, which is necessary because that's how DotNetNuke relates users and roles to one another throughout the entire application and is required for any custom concrete provider implementation. Finally, the custom logic specific to this concrete provider is called, which adds the user to the provider's data store. This last step may not be necessary in your own custom roles provider if you plan to use your data store only for DotNetNuke and have no plans to extend the Roles Provider further from what is provided by DotNetNuke's abstract provider.