Create Identity In a Simple Way Using ASP.NET MVC 5 - Part Two

Introduction

The first part of the article explained how to create an identity in a simple way. This article explains, how to create an identity with “Roles” in a simple way, using ASP.NET MVC. Before reading this article, please read the first part of this article. Link for the first part of the article is given below:

Definition

Role based identity is a secure way of an authentication with the roles in Web Applications. It is done to identify the authorized user with the roles.

Background

An identity is one of the secured way to access our Applications. An identity is not only providing full security. Instead of an identity, we are using an identity with the roles. A role is more secure one, because it restricts a user from accessing the controls of the Application. Role denotes access permission to the users. For example, if you are an admin for the Web Application, you can do any modification in the Application , but if you are a user, you cannot do any modification, as your access might be restricted.

Steps for Crating Identity with Roles

Step 1:
Follow the first part of this article’s steps, before creating an identity with the roles. 

Step 2: Go to Solution Explorer, expand App_Data folder and double click “aspnet-NewIdentity-20160726112300.mdf” file. Now, you can see all the tables which you have created, using the default identity.

tables

Step 3: We want to store all the roles in AspNetRoles table for using the Application. Right click “AspNetRoles” table and click New Query.

New Query

Step 4: New query Window will open, after clicking the new query options. We can write any SQL query in SQL query Window and run it like the screenshots, given below:

new query

Step 5: Insert roles in “AspNetRoles” table, using SQL query. The screenshots, given below, explain how to insert the roles in the specified table.

AspNetRoles

Step 6: We need to map with role ID and users ID now. We already saved the user details in “AspNetUsers” tables. Using “AspNetUserRoles” table, we can map the users and the roles. We are mapping, using “UserId” field from “AspNetUser” table and “RoleId” field from “AspNetUsers” table into “AspNetUserRoles” table.

AspNetUsers

Step 7: We can map many roles to the users, using previous step. These roles and users are working with the help of OWIN middleware.

I assigned my user ID to the admin role. Now, we use the role in the coding part. Based on the role, we can access it in our Application. We need to write the coding, given below:

Coding For Roles

  1. using System;  
  2. using System.Collections.Generic;  
  3. using System.Linq;  
  4. using System.Web;  
  5. using System.Web.Mvc;  
  6. namespace NewIdentity.Controllers   
  7. {  
  8.     [Authorize]  
  9.     public class TestController: Controller   
  10.     {  
  11.         // GET: Test  
  12.         /// <summary>  
  13.         /// Identity With Role only for Identity action method.  
  14.         /// </summary>  
  15.         /// <returns></returns>  
  16.         ///   
  17.         [Authorize(Roles = "Admin")] // Admin only can access  
  18.         public ActionResult Identity() {  
  19.             return Content("We are using Identity");  
  20.         }  
  21.         public ActionResult NonIdentiy() {  
  22.             return Content("We are not using Identity");  
  23.         }  
  24.     }  
  25. }  
Explanation

Here, we assign an admin role to “Identity” action methods. Thus, the other user can not access “Identity” action method. This is the meaning of “[Authorize(Roles="Admin")]”.

If we run the Application, http://localhost:51868/Test/Identity URL, it will redirect to the login page, because we are using an identity with an admin role.

login

Finally, enter the credentials and enter the specified page. We assigned an “admin” role to vicky1@gmail.com user as well as assigned an admin role to “Identity” Action method.

code

If we try to enter a different user, but the same URL, we cannot enter it, because we do not assign an admin role to any other user.

login

We are trying to login, using test@gmail.com. It has successfully logged in, but does not go to a specified page. It is again required to login to the page because of the roles. We can see screenshot, given below:

login

We can assign the roles in the controller levels as well as action methods level. We can assign a controller level in the following way:

Roles in Controller Level
  1. namespace NewIdentity.Controllers   
  2. {  
  3.     // GET: Test  
  4.     /// <summary>  
  5.     /// Identity With Role in controller level.  
  6.     /// </summary>  
  7.     /// <returns></returns>  
  8.     ///   
  9.     [Authorize(Roles = "Admin")]  
  10.     public class TestController: Controller   
  11.     {  
  12.         public ActionResult Identity()   
  13.         {  
  14.             return Content("We are using Identity");  
  15.         }  
  16.         public ActionResult NonIdentiy()   
  17.         {  
  18.             return Content("We are not using Identity");  
  19.         }  
  20.     }  
  21. }  
We assign a role for “Test” controller as an “Admin”. Thus, those who have an admin role are the only persons to access in “Test” controller. Users with other roles  cannot access “Test” Controller.

Conclusion

This article and the previous article of this series are about identity and roles. It helps those, who are newly learning about identity and roles in ASP.NET MVC. The next part of article explains how to create a custom identity and roles in ASP.NET MVC.