M# Tutorials

Learn to build .NET applications with M#. Our step-by-step tutorials will get you up-to-speed rapidly.
If you already know ASP.NET and C#, you can master M# in a week or two.

Roles

Most websites require users to get authenticated and authorized in order to view certain content of the website and roles play vital part in restricting the access users have.

In this lesson we will see how we can manage and apply roles on different sections of the website. We will learn to implement roles on pages and will see how pages inherit roles.

Managing Roles

M# provides a separate section within project settings to create and manage roles. M# creates two default roles when you create a new project, as shown below:

The screenshot above shows two roles. You can add further roles by typing the role name in the space available in the highlighted area above.

After defining roles in the project settings you can start implementing them in the pages but in order to authorize and identify a user’s role you must also return the role from “GetRole()” method of the entity, which is implemented from IUser interface otherwise role will not be validated and users will not be able to view the pages.

In order to demonstrate we have added a new role “Employee” and will update our “Employee” entity to return the newly added role so that the users logged in as employee can view the required sections of website, as shown below:

After adding a new role, we need to override “GetRoles” method of our Employee entity derived from User entity, which implements IUser interface.

All pages of a website in M# are visible to “Guest” role unless any other role is explicitly specified. Which means pages created in M# will be accessible for all the users unless restricted to a specific role. You can specify roles at page, module or module element level.

As we have a new role “Employee” set up in our project, now we will implement the new role on pages.

App.Context

M# has a static class Context in website folder “App_Code”. This class has a very important part in authenticating and authorizing a role. This class implements a property called “User” which returns a User entity instance using HttpContext identity info.

M# uses this property to authorize the role of a logged in user as shown below:

Secure page access

By defining roles in M# it becomes very easy to secure the access of a page or a tree of pages. Please refer to this section for more details.