SecurityGuard - NuGet Package for the ASP.NET Membership system
SecurityGuard is a complete ASP.NET MVC 3 application installable via NuGet. If you need a complete way to manage your ASP.NET Membership system for your MVC 3 application, this is the NuGet package to use.
Don't forget to watch the screencast on how to quickly install it and use it.
If you don't know what NuGet is, it's a free online resource that contains components that can easily be installed into your applications for various needs. Go to NuGet.org for more information.
AN IMPORTANT NOTE: SecurityGuard is built on the .Net 4.0 framework so it's only available with ASP.NET MVC 3!
Pre-requisites:
- .Net 4.0 Framework
- ASP.NET MVC 3 host application
- ASP.NET Membership is installed
What SecurityGuard does not do
SecurityGuard does NOT install the required ASP.NET Membership system. You need to have that installed prior to installing SecurityGuard. SecurityGuard is the UI components for you to manage your membership system. There are many ways you can install the ASP.NET Membership system, but the easiest way is with my other NuGet package called MvcInstaller. Check it out at NuGet.org, and take a look at my other article as part of this series on what the MvcInstaller NuGet package is and how it works.After the ASP.NET Membership system is installed, simply install the NuGet package for SecurityGuard and it's 99.9% done. You will have to do a few things to tailor it to your application and for configuration, but they are mostly minor view modifications.
INSTALLATION
You can use the Package Manager Console or the GUI. I'll demonstrate how to install using the console.
Now you will see the console where you enter the following:
After you hit Enter, you'll notice many files being copied into your application. These are all the files necessary to run the application. Controllers and other C# classes are also being added with your applications namespace so they are assured to work.
Also, a new Area is created called SecurityGuard. This contains all the controllers, models and views for the application. CSS and images have also been included in the Content folder.
Now I'll need to make a few little changes. The first I'll make is to the _LogOnPartial.cshtml view. I will change the controller names to point to the new SecurityGuard Account controller.
1.@if(Request.IsAuthenticated) {2. <text>Welcome <strong>@User.Identity.Name</strong>!3. [ @Html.ActionLink("Log Off", "LogOff", "SGAccount") ]</text>4.}5.else {6. @:[ @Html.ActionLink("Log On", "LogOn", "SGAccount") ]7.}You can see on lines 3 and 6 that I've changed the default "Account" controller name to "SGAccount". Now I want to make a change to my global menu navigation for the application. This is different for every application, so there's no way for me to build something into the NuGet package to do this for you.
01.<nav>02. <ul id="menu">03. <li>@Html.ActionLink("Home", "Index", "Home")</li>04. <li>@Html.ActionLink("About", "About", "Home")</li>05. @if (User.Identity.IsAuthenticated)06. {07. <li>@Html.ActionLink("Change Password", "ChangePassword", "SGAccount")</li>08. }09. @if (User.IsInRole("SecurityGuard"))10. {11. <li>@Html.ActionLink("Security Guard", "Index", "Dashboard", new { area = "SecurityGuard" }, null)</li>12. } 13. </ul>14.</nav>You can see I've added a "Change Password" link and a link to the "Security Guard" area. But you'll also notice that I've wrapped them in conditional statements. For the Change Password link, the user needs to be logged on to see this. For the Security Guard link the user needs to be logged on and in the "SecurityGuard" role.
The next change is in the web.config file. It places a duplicate forms authentication node in the file and the default node needs to be removed.
This is the authentication section after SecurityGuard has been installed.
1.<authentication mode="Forms">2. <forms loginUrl="~/Account/LogOn" timeout="2880" />3. <forms loginUrl="~/SGAccount/LogOn" timeout="2880" />4.</authentication>Now I need to remove the forms node on line 2 so it leaves the one I want which points to the SGAccount controller.
Next, the smtp section should be updated with your SMTP server information. This is used for the Forgot Password component. It will email the new password to the user.
1.<system.net>2. <mailSettings>3. <smtp deliveryMethod="Network">4. <network host="[smtp server name]" userName="[email address]" password="[email password]" port="25" />5. </smtp>6. </mailSettings>7.</system.net>One last thing to do is in the /Views/SGAccount folder. You'll notice that there are duplicate views, one for Razor and one for ASPX. You simply need to delete the views that do NOT work with your MasterPage or Layout view. So in other words, stay with the views that you are using for the rest of your site.
Now that that's done, you are ready to use the application.
Ready To Go
Now you can run your application and you should see your site come up as usual. For the rest of this we will assume that I've already installed and configured the ASP.NET Membership system on this server, or local development machine and I've created a user and assigned it to the SecurityGuard role.When I log into the site, I should see something like this.
When I click on the "Security Guard" link, I'll be taken to the SecurityGuard MVC Area and I'll see this.
It's a simple, clean web-interface that allows you to easily manage the membership system. Let's go through the application.
Roles
When I click on the "Manage Roles" link, I'll see this page.
This allows you to enter and delete roles on the left side, and see the users in a particular role on the right side.
Selecting a role to see what users are in that role, looks like this.
You can click on the user name and be taken to the details for that user.
Validation is built in. You can see it working if you try to Add a role without a name entered.
When you enter a role, you will see a success message and it will be added to the Roles list and the Users In Roles list via jQuery Ajax.
Deleting roles is just as easy, but the ASP.NET Membership system has a "check" for users granted to the deleted role. By default, if you try to delete a role that contains users, then it will complain and not let you do it. But it you really want to do it, you can tell the system to go ahead and delete the role and any associated users by checking the box "Delete role if it has users?". This tells the system to go ahead and delete everything.
Manage Users
Managing users is also just as simple. To get back to the Dashboard home page, I just need to click the "Dashboard" link in the top breadcrumb. Then I click on the "Manage Users" link and I'll see this page.
There's a lot happening on this page. First, the drop down list has three selections, "View All", "UserName", and "Email". These are the different filtering methods you can use to manage users.
- View All - this setting doesn't allow you to enter a value in the search box since you are viewing all users.
- UserName - this filter setting allows you to enter a value into the "Starts with:" field. Enter any set of characters that the username would start with.
- Email - this filter setting allows you to enter a value into the "Starts with:" field. Enter any set of characters that the email would start with.
The radio button is a quick way to jump to the "Grant Roles to User" view. Simply select a radio button for a user and the "Grant Roles To User" link above becomes enabled and if you click on it, you will be taken to that view for the selected user. It looks like this.
This shows the roles that are already granted to the user and what roles are still available to be granted. To Grant or Revoke a role, simply select the role in the list box and click the appropriate button. The command is executed instantly via Ajax.
User Details
Viewing user details is one of the views you will most likely visit often. It's a clean interface and allows you to do manage certain details in a friendly Ajaxified manner.
The Update button in the lower right only updates the values from the email and comment fields. You can easily Approve or Deny a user by clicking the link next to that value. It will execute the command via Ajax. The same goes for the Locked out value. If the user is locked out, a link will appear that allows you to quickly unlock them.
Also, at the bottom of the page, you can click the "Edit" link next to "Roles for [user name]", and you'll go back to the "Grant Roles to User" view.
Create User
It's just as easy to create a new user. From the main Dashboard view, click the "Create User" link.
There are a few nice things built into this view. Much of this view displays attributes from the web.config/membership section. It shows the number of characters that the username should be, and it will also display how many characters non-Alphanumeric characters should be if they are not zero.
It will also dynamically display the Secret Question and Answer fields if the web.config has that set to True.
This view also has Ajax-validation built in. If you try to submit it without any values in the fields, it will display messages nicely.
Once the user is created, you can instantly view it's details.
Conclusion
That's SecurityGuard. I very nice User Interface for managing your ASP.NET Membership database. It's easy to install and just as easy to configure.Do forget to view my other article in this series on the MvcInstaller NuGet package. This package installs the ASP.NET Membership system for you based on your specifications.
Updates
- November 11, 2011 - Version 1.0.51.575 - made modifications to several files so SecurityGuard will work with or without T4MVC. T4MVC threw some namespace collision exceptions on the RegisterViewModel being using inside the Areas.SecurityGuard.Models folder and when calling SGAccountController and the register view.
Hi kahanu,
This is an excellent addition to the MVC stack,its safe my time as i have been contemplating of developing a user management system similar to what you have done,great work keep it up.
I run into one issue after following your instruction on how to install and use Security Guard NuGet package,the issue is as follows:
1. Error 1 The type or namespace name 'Pagination' does not exist in the namespace 'SecurityGuard.Core' (are you missing an assembly reference?)
2. Error 2 The type or namespace name 'PaginatedList' could not be found (are you missing a using directive or an assembly reference?)
I know this a trivial issue,but please could you verify
@ola, oops! Sorry about that. I pushed the latest SecurityGuard.dll that has the necessary components. I haven't been able to test it since I'm out of town, but it should work. Please let me know if this version works. I want to stay on top of this. Thanks for the catch.
King Wilder
I love the work you have done! So far everything is working and working well!
I had one error while testing. I am using gmail for my email server and it requires SSL. The package you are using for emailing doesn't take the port for SSL. I had to change your code to use a custom function for sending emails. Let me know if you want the code I used.
Thanks again for the great work
@boltojam, I'm glad you like it. I actually have not tested it against an SSL server, but have you tried adding the port to the web.config/system.net/mailSettings/smtp/network element? You should just be able to point to your secure mail server and include the SSL port there and it should all work without any code modification.
I'll test it out when I have a moment. What code did you modify?
Let me know if this works.
bob, yes I've noticed that. It seems to update the list on the first addition, but after that, it doesn't. It's a bug, not a huge one, but a bug. I will fix that at some point. I'm in the middle of a large project right now and can't but it is on my list of TODO's.
Thanks.