This project is read-only.

adding roles

Topics: ASP.NET 2.0
Dec 29, 2009 at 2:04 AM


I realize this has been discussed before but I will give you the low down of what I am trying to do. Basiclly I am working on my page and for the training log section I have a page setup so people can enter their own data which updates my database so people can see their most recent workouts. I have that page set to only beable to be seen by people of a certain role <% if (Page.User.IsInRole("Editors"))  then they can see the link and they can get to it. But I dont want these people to have access to the backend part of blogengine. I added a role to the roles.xml that didnt seem to work, then I attempted to play with the be_roles on the sql database that seems to be locked to editing. Can someone steer me in the right direction on creating a new role or where I can change what the editor has access to.




Dec 29, 2009 at 3:05 AM

Look at web.config for "roleManager defaultProvider". If it is one of the database providers, you'll need to run a query to insert new role. You can check what it should look like based on script that was used to populate roles for your provider in the first place, when setting up BE initially. It is usually in the ~/setup/<yourdbprovidername> folder.

Dec 29, 2009 at 3:27 AM

I was looking at that earlier and its set to 

name="DbRoleProvider" type="BlogEngine.Core.Providers.DbRoleProvider, BlogEngine.Core" connectionStringName="BlogEngine"/>

i looked at the mssqlsetup 1.4.5.sql which makes no sense to me, i looked at the create table for be_userroles and its completely forgien to me

any hints where to go from here?

thanks for the quick response earlier as well

Dec 29, 2009 at 7:55 AM

You should look at your DEFAULT provider ...

<roleManager defaultProvider="XmlRoleProvider".......... />

If your default provider is XmlRoleProvider, then the roles are stored in roles.xml (in App_Data).  If it's DbRoleProvider, then it's the be_Roles table in the DB.

If you make any direct changes to roles.xml or the DB, you'll want to restart BE so it re-queries the datastore to get the latest roles (this type of data is generally cached in memory so the datastore doesn't need to keep getting re-read).  You can restart BE by making any change to the web.config file (add a space, etc).

To prevent a role from accessing page(s) in the control panel, there's two things to do.

1.  In the web.sitemap file in the root of your blog, you can edit the Roles in there tied to each page in the control panel.

2.  In the Admin\Pages folder, there's a file named web.config.  You can edit the Roles in there tied to each page in the control panel.  This file in particular controls whether someone in a specific role can access each page.

Dec 29, 2009 at 8:23 AM

both of you are so great, my default providor is the DbRoleProvider so I will look into that and creating further roles but for now i just removed access to all pages except for the log update. Once again thank you.

Mar 2, 2010 at 5:06 PM

I am using the XML provider. I have added a role to roles.xml and resstarted the blog but they dont show. Should I expect this to show up when I add a new user?


Mar 2, 2010 at 5:17 PM

sorry cancel that I have it sorted