Security / Membership & Role Providers / User Manager / Advanced

  Implementing the Business Rules

Table of Contents
Security / Membership & Role Providers / User Manager / AdvancedPrint||
Implementing the Business Rules

Instead of allowing the application framework to handle the CRUD operations, let’s prevent the default behavior and implement several business rules. These business rules with use the ASP.NET Membership API to insert, update, and delete users.

Insert

In the Project Explorer, right-click on Users / Business Rules node, and press New Business Rule.

Creating a new business rule for Users data controller.

Assign the following properties:

Property Value
Type C# / Visual Basic
Command Name Insert
Phase Before

Press OK to save the business rule. On the toolbar, press Browse to regenerate the web app and create the business rule file. When finished, right-click on Users / Business Rules / Insert (Code / Before) – r101 node and press Edit Rule in Visual Studio.

'Edit Rule in Visual Studio' context menu option for a code business rule.

Replace the content of the file with the following:

C#:

using System;
using System.Web;
using System.Web.Security;
using MyCompany.Data;
using MyCompany.Security;

namespace MyCompany.Rules
{
    public partial class UsersBusinessRules : MyCompany.Data.BusinessRules
    {

        /// <summary>
        /// This method will execute in any view before an action
        /// with a command name that matches "Insert".
        /// </summary>
        [Rule("r101")]
        public void r101Implementation(
                    FieldValue userID,
                    string userName,
                    string password,
                    string email,
                    string comment,
                    string passwordQuestion,
                    string passwordAnswer,
                    bool isApproved,
                    DateTime? lastActivityDate,
                    DateTime? lastLoginDate,
                    DateTime? lastPasswordChangedDate,
                    DateTime? creationDate,
                    bool? isLockedOut,
                    DateTime? lastLockedOutDate,
                    int? failedPasswordAttemptCount,
                    DateTime? failedPasswordAttemptWindowStart,
                    int? failedPasswordAnswerAttemptCount,
                    DateTime? failedPasswordAnswerAttemptWindowStart,
                    string roles,
                    string confirmPassword,
                    int? roleID)
        {
            // prevent execution of CRUD operations by the application framework
            PreventDefault();
            // ensure that "Password" and "ConfirmPassword" match
            if (password != confirmPassword)
                throw new Exception(Localize("PasswordAndConfirmationDoNotMatch",
                    "Password and confirmation do not match"));
            // create a user with the Membership API
            MembershipCreateStatus status;
            MembershipUser newUser = Membership.CreateUser(userName, password, email, 
                passwordQuestion, passwordAnswer, isApproved, out status);
            // analyze and report any errors
            if (status != MembershipCreateStatus.Success)
            {
                string error = null;
                switch (status)
                {
                    case MembershipCreateStatus.DuplicateEmail:
                        error = "Duplicate email address.";
                        break;
                    case MembershipCreateStatus.DuplicateProviderUserKey:
                        error = "Duplicate provider key";
                        break;
                    case MembershipCreateStatus.DuplicateUserName:
                        error = "Duplicate user name.";
                        break;
                    case MembershipCreateStatus.InvalidAnswer:
                        error = "Invalid password recovery answer.";
                        break;
                    case MembershipCreateStatus.InvalidEmail:
                        error = "Invalid email address.";
                        break;
                    case MembershipCreateStatus.InvalidPassword:
                        error = string.Format("Invalid password. Requires at least {0} " +
                            "characters and {1} non-alphanumeric characters.",
                            Membership.Provider.MinRequiredPasswordLength,
                            Membership.Provider.MinRequiredNonAlphanumericCharacters);
                        break;
                    case MembershipCreateStatus.InvalidProviderUserKey:
                        error = "Invalid provider user key.";
                        break;
                    case MembershipCreateStatus.InvalidQuestion:
                        error = "Invalid password recovery question.";
                        break;
                    case MembershipCreateStatus.InvalidUserName:
                        error = "Invalid user name.";
                        break;
                    case MembershipCreateStatus.ProviderError:
                        error = "Provider error.";
                        break;
                    case MembershipCreateStatus.UserRejected:
                        error = "User has been rejected.";
                        break;
                }
                throw new Exception(error);
            }
            // assign "Comment" to the new user
            if (!(String.IsNullOrEmpty(comment)))
            {
                newUser.Comment = comment;
                Membership.UpdateUser(newUser);
            }
            // assign "Roles" to the new user
            if (!(String.IsNullOrEmpty(roles)))
            {
                string[] newRoles = Convert.ToString(roles).Split(',');
                foreach (string role in newRoles)
                    if (!(String.IsNullOrEmpty(role)))
                        System.Web.Security.Roles.AddUserToRole(
                            userName, role);
            }
        }
    }
}

Visual Basic:

Imports MyCompany.Data
Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Linq
Imports System.Text.RegularExpressions
Imports System.Web
Imports System.Web.Security

Namespace MyCompany.Rules

    Partial Public Class UsersBusinessRules
        Inherits MyCompany.Data.BusinessRules

        ''' <summary>
        ''' This method will execute in any view before an action
        ''' with a command name that matches "Insert".
        ''' </summary>
        <Rule("r101")> _
        Public Sub r101Implementation( _
                    ByVal userID As FieldValue, _
                    ByVal userName As String, _
                    ByVal password As String, _
                    ByVal email As String, _
                    ByVal comment As String, _
                    ByVal passwordQuestion As String, _
                    ByVal passwordAnswer As String, _
                    ByVal isApproved As Nullable(Of Boolean),
                    ByVal isLockedOut As Nullable(Of Boolean), _
                    ByVal roles As String, _
                    ByVal confirmPassword As String)
            ' prevent execution of CRUD operations by the application framework
            PreventDefault()
            ' ensure that "Password" and "ConfirmPassword" match
            If (password <> confirmPassword) Then
                Throw New Exception(Localize("PasswordAndConfirmationDoNotMatch",
                                             "Password and confirmation do not match"))
            End If
            Dim status As MembershipCreateStatus
            ' create a user with the Membership API
            Dim newUser As MembershipUser = Membership.CreateUser(userName,
                                  password,
                                  email,
                                  passwordQuestion,
                                  passwordAnswer,
                                  isApproved,
                                  status)
            ' analyze and report any errors
            If (status <> MembershipCreateStatus.Success) Then
                Dim [error] As String = ""
                Select Case status
                    Case MembershipCreateStatus.DuplicateEmail
                        [error] = "Duplicate email address."
                    Case MembershipCreateStatus.DuplicateProviderUserKey
                        [error] = "Duplicate provider key"
                    Case MembershipCreateStatus.DuplicateUserName
                        [error] = "Duplicate user name."
                    Case MembershipCreateStatus.InvalidAnswer
                        [error] = "Invalid password recovery answer."
                    Case MembershipCreateStatus.InvalidEmail
                        [error] = "Invalid email address."
                    Case MembershipCreateStatus.InvalidPassword
                        [error] = String.Format("Invalid password. Requires at least {0} " +
                            "characters and {1} non-alphanumeric characters.",
                            Membership.Provider.MinRequiredPasswordLength,
                            Membership.Provider.MinRequiredNonAlphanumericCharacters)
                    Case MembershipCreateStatus.InvalidProviderUserKey
                        [error] = "Invalid provider user key."
                    Case MembershipCreateStatus.InvalidQuestion
                        [error] = "Invalid password recovery question."
                    Case MembershipCreateStatus.InvalidUserName
                        [error] = "Invalid user name."
                    Case MembershipCreateStatus.ProviderError
                        [error] = "Provider error."
                    Case MembershipCreateStatus.UserRejected
                        [error] = "User has been rejected."
                End Select
                Throw New Exception([error])
            End If
            ' assign "Comment" to the new user
            If (Not (String.IsNullOrEmpty(comment))) Then
                newUser.Comment = comment
                Membership.UpdateUser(newUser)
            End If
            ' assign "Roles" to the new user
            If (Not String.IsNullOrEmpty(roles)) Then
                Dim newRoles() As String = Convert.ToString(roles).Split(",")
                For Each role As String In newRoles
                    If (Not String.IsNullOrEmpty(role)) Then
                        System.Web.Security.Roles.AddUserToRole(userName, role)
                    End If
                Next

            End If
        End Sub
    End Class
End Namespace

Save the file.

Update

Create another business rule with the following properties:

Property Value
Type C# / Visual Basic
Command Name Update
Phase Before

Save the business rule, and generate the web app. Edit the rule in Visual Studio. You may need to press Refresh in the Solution Explorer toolbar of Visual Studio for the rule to appear.

Refresh button on the Solution Explorer may need to be pressed in order for the rule to appear.

Replace the code base with the following.

C#:

using System;
using System.Web.Security;
using MyCompany.Data;
using MyCompany.Security;

namespace MyCompany.Rules
{
    public partial class UsersBusinessRules : MyCompany.Data.BusinessRules
    {

        /// <summary>
        /// This method will execute in any view before an action
        /// with a command name that matches "Update".
        /// </summary>
        [Rule("r102")]
        public void r102Implementation(
                    FieldValue userID,
                    string userName,
                    FieldValue password,
                    FieldValue email,
                    FieldValue comment,
                    FieldValue passwordQuestion,
                    FieldValue passwordAnswer,
                    FieldValue isApproved,
                    DateTime? lastActivityDate,
                    DateTime? lastLoginDate,
                    DateTime? lastPasswordChangedDate,
                    DateTime? creationDate,
                    FieldValue isLockedOut,
                    DateTime? lastLockedOutDate,
                    int? failedPasswordAttemptCount,
                    DateTime? failedPasswordAttemptWindowStart,
                    int? failedPasswordAnswerAttemptCount,
                    DateTime? failedPasswordAnswerAttemptWindowStart,
                    FieldValue roles)
        {
            // prevent execution of CRUD operations by the application framework
            PreventDefault();
            // get user object by name
            MembershipUser user = Membership.GetUser(userName);
            if (user != null)
            {
                // update "Email" if changed
                if (email.Modified)
                {
                    user.Email = Convert.ToString(email.Value);
                    Membership.UpdateUser(user);
                }
                // update "Is Approved" if changed
                if (isApproved.Modified)
                {
                    user.IsApproved = Convert.ToBoolean(isApproved.Value);
                    Membership.UpdateUser(user);
                }
                // unlock user account if necessary
                if (isLockedOut.Modified)
                {
                    if (Convert.ToBoolean(isLockedOut.Value))
                    {
                        Result.Focus("IsLockedOut", Localize("UserCannotBeLockedOut",
                            "User cannot be locked out. If you want to prevent this " +
                            "user from being able to login then simply mark user as" +
                            " \'Not Approved\'."));
                        throw new Exception(Localize("ErrorSavingUser",
                            "Error saving user account."));
                    }
                    user.UnlockUser();
                }
                // update "Comment" if changed
                if (comment.Modified)
                {
                    user.Comment = Convert.ToString(comment.Value);
                    Membership.UpdateUser(user);
                }
                // update "Roles" if changed
                if (roles.Modified)
                {
                    string[] newRoles = Convert.ToString(roles.Value).Split(',');
                    string[] oldRoles = System.Web.Security.Roles.GetRolesForUser(
                        user.UserName);
                    foreach (string role in oldRoles)
                        if (!(String.IsNullOrEmpty(role)) && (Array.IndexOf(
                            newRoles, role) == -1))
                            System.Web.Security.Roles.RemoveUserFromRole(
                                user.UserName, role);
                    foreach (string role in newRoles)
                        if (!(String.IsNullOrEmpty(role)) &&
                            (Array.IndexOf(oldRoles, role) == -1))
                            System.Web.Security.Roles.AddUserToRole(
                                user.UserName, role);
                }
            }
        }
    }
}

Visual Basic:

Imports MyCompany.Data
Imports System
Imports System.Web.Security

Namespace MyCompany.Rules

    Partial Public Class UsersBusinessRules
        Inherits MyCompany.Data.BusinessRules

        ''' <summary>
        ''' This method will execute in any view before an action
        ''' with a command name that matches "Update".
        ''' </summary>
        <Rule("r102")> _
        Public Sub r102Implementation( _
                    ByVal userID As FieldValue, _
                    ByVal userName As String, _
                    ByVal password As FieldValue, _
                    ByVal email As FieldValue, _
                    ByVal comment As FieldValue, _
                    ByVal passwordQuestion As FieldValue, _
                    ByVal passwordAnswer As FieldValue, _
                    ByVal isApproved As FieldValue, _
                    ByVal lastActivityDate As Nullable(Of DateTime), _
                    ByVal lastLoginDate As Nullable(Of DateTime), _
                    ByVal lastPasswordChangedDate As Nullable(Of DateTime), _
                    ByVal creationDate As Nullable(Of DateTime), _
                    ByVal isLockedOut As FieldValue, _
                    ByVal lastLockedOutDate As Nullable(Of DateTime), _
                    ByVal failedPasswordAttemptCount As Nullable(Of Integer), _
                    ByVal failedPasswordAttemptWindowStart As Nullable(Of DateTime), _
                    ByVal failedPasswordAnswerAttemptCount As Nullable(Of Integer), _
                    ByVal failedPasswordAnswerAttemptWindowStart As Nullable(Of DateTime), _
                    ByVal roles As FieldValue, _
                    ByVal confirmPassword As String, _
                    ByVal roleID As Nullable(Of Integer))
            ' prevent execution of CRUD operations by the application framework
            PreventDefault()
            ' get user object by name
            Dim user As MembershipUser = Membership.GetUser(userName)
            If Not (user Is Nothing) Then
                ' update "Email" if changed
                If email.Modified Then
                    user.Email = Convert.ToString(email.Value)
                    Membership.UpdateUser(user)
                End If
                ' update "Is Approved" if changed
                If isApproved.Modified Then
                    user.IsApproved = Convert.ToBoolean(isApproved.Value)
                    Membership.UpdateUser(user)
                End If
                ' unlock user account if necessary
                If isLockedOut.Modified Then
                    If (Convert.ToBoolean(isLockedOut.Value)) Then
                        Result.Focus("IsLockedOut", Localize("UserCannotBeLockedOut",
                            "User cannot be locked out. If you want to prevent this " +
                            "user from being able to login then simply mark user as " +
                            "'Not Approved'."))
                        Throw New Exception(Localize("ErrorSavingUser",
                                "Error saving user account."))
                    End If
                    user.UnlockUser()
                End If
                ' update "Comment" if changed
                If comment.Modified Then
                    user.Comment = Convert.ToString(comment.Value)
                    Membership.UpdateUser(user)
                End If
                ' update "Roles" if changed
                If roles.Modified Then
                    Dim newRoles() As String = Convert.ToString(roles.Value).Split(",")
                    Dim oldRoles() As String = System.Web.Security.Roles.GetRolesForUser(
                        user.UserName)
                    For Each role As String In oldRoles
                        If Not (String.IsNullOrEmpty(role) And (Array.IndexOf(
                                                                newRoles, role) = -1)) Then
                            System.Web.Security.Roles.RemoveUserFromRole(user.UserName, role)
                        End If
                    Next
                    For Each role As String In newRoles
                        If Not (String.IsNullOrEmpty(role) And (Array.IndexOf(
                                                                oldRoles, role) = -1)) Then
                            System.Web.Security.Roles.AddUserToRole(user.UserName, role)
                        End If
                    Next
                End If
            End If
        End Sub
    End Class
End Namespace

Save the file.

Delete

Create another business rule:

Property Value
Type C# / Visual Basic
Command Name Delete
Phase Before

Save, regenerate the web app, and open the business rule file in Visual Studio. Replace the code:

C#:

using System;
using System.Data;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.Security;
using MyCompany.Data;
using MyCompany.Security;

namespace MyCompany.Rules
{
    public partial class UsersBusinessRules : MyCompany.Data.BusinessRules
    {

        /// <summary>
        /// This method will execute in any view before an action
        /// with a command name that matches "Delete".
        /// </summary>
        [Rule("r103")]
        public void r103Implementation(
                    FieldValue userID,
                    string userName,
                    string password,
                    string email,
                    string comment,
                    string passwordQuestion,
                    string passwordAnswer,
                    bool? isApproved,
                    DateTime? lastActivityDate,
                    DateTime? lastLoginDate,
                    DateTime? lastPasswordChangedDate,
                    DateTime? creationDate,
                    bool? isLockedOut,
                    DateTime? lastLockedOutDate,
                    int? failedPasswordAttemptCount,
                    DateTime? failedPasswordAttemptWindowStart,
                    int? failedPasswordAnswerAttemptCount,
                    DateTime? failedPasswordAnswerAttemptWindowStart)
        {
            // prevent execution of CRUD operations by the application framework
            PreventDefault();
            // delete the user account
            MembershipUser user = Membership.GetUser(userName);
            Membership.DeleteUser(user.UserName);
            // instruct the client library to display the previous view
            Result.ShowLastView();
            // instruct the client library to show a confirmation message
            Result.ShowMessage(String.Format(Localize("UserHasBeenDeleted",
                "User \'{0}\' has been deleted."), user.UserName));
        }
    }
}

Visual Basic:

Imports MyCompany.Data
Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Linq
Imports System.Text.RegularExpressions
Imports System.Web
Imports System.Web.Security

Namespace MyCompany.Rules
    
    Partial Public Class UsersBusinessRules
        Inherits MyCompany.Data.BusinessRules
        
        ''' <summary>
        ''' This method will execute in any view before an action
        ''' with a command name that matches "Delete".
        ''' </summary>
        <Rule("r103")> _
        Public Sub r103Implementation( _
                    ByVal userID As FieldValue, _
                    ByVal userName As String, _
                    ByVal password As String, _
                    ByVal email As String, _
                    ByVal comment As String, _
                    ByVal passwordQuestion As String, _
                    ByVal passwordAnswer As String, _
                    ByVal isApproved As Nullable(Of Boolean), _
                    ByVal lastActivityDate As Nullable(Of DateTime), _
                    ByVal lastLoginDate As Nullable(Of DateTime), _
                    ByVal lastPasswordChangedDate As Nullable(Of DateTime), _
                    ByVal creationDate As Nullable(Of DateTime), _
                    ByVal isLockedOut As Nullable(Of Boolean), _
                    ByVal lastLockedOutDate As Nullable(Of DateTime), _
                    ByVal failedPasswordAttemptCount As Nullable(Of Integer), _
                    ByVal failedPasswordAttemptWindowStart As Nullable(Of DateTime), _
                    ByVal failedPasswordAnswerAttemptCount As Nullable(Of Integer), _
                    ByVal failedPasswordAnswerAttemptWindowStart As Nullable(Of DateTime), _
                    ByVal roles As String, _
                    ByVal confirmPassword As String, _
                    ByVal roleID As Nullable(Of Integer))
            ' prevent execution of CRUD operations by the application framework
            PreventDefault()
            ' delete the user account
            Dim user As MembershipUser = Membership.GetUser(userName)
            Membership.DeleteUser(user.UserName)
            ' instruct the client library to display the previous view
            Result.ShowLastView()
            ' instruct the client library to show a confirmation message
            Result.ShowMessage(String.Format(Localize("UserHasBeenDeleted",
                "User {0} has been deleted."), user.UserName))
        End Sub
    End Class
End Namespace

Save the code.