May 7

Written by: Michael Washington
5/7/2015 12:44 PM

Visual Studio LightSwitch has a unique feature that lets you implement strongly typed permissions and lets a website administrator create unlimited roles and assign the permissions to them. The website administrator can then create users and assign them to the roles. The users will then have access to the totality of the permissions of the roles they are assigned to.

When you need to administer users and roles in a LightSwitch application, you normally need to add a Silverlight client. However, with many web browsers no longer supporting Silverlight, an HTML option is desired. A good option is the fully featured lsWires project by Dale Morrison. This project borrows a lot of code from that one. The main difference is that this project uses MVC.

Set-Up

The first step is to go into the Properties of the LightSwitch project, enable Forms authentication, and create permissions (the SecurityAdministration permission will already exist and should not be changed or edited).

We can then go into code and create code that will control access or filter content based on the permissions a user has:

        partial void SampleDatas_Filter(ref Expression<Func<SampleData, bool>> filter)
        {
            // Filter Security: hide rows whose SampleAuthenticationType the
            // current user has no permission for
            // Not a PowerUser or SecurityAdministration
            if ((!this.Application.User.HasPermission(Permissions.PowerUser)) &&
                (!this.Application.User.HasPermission(Permissions.SecurityAdministration)))
            {
                filter = (e => e.SampleAuthenticationType != "PowerUser" && e.SampleAuthenticationType != "Admin");
            }
            // Is a PowerUser but not SecurityAdministration
            if ((this.Application.User.HasPermission(Permissions.PowerUser)) &&
                (!this.Application.User.HasPermission(Permissions.SecurityAdministration)))
            {
                filter = (e => e.SampleAuthenticationType != "Admin");
            }
            // Not a PowerUser but is SecurityAdministration
            if ((!this.Application.User.HasPermission(Permissions.PowerUser)) &&
                (this.Application.User.HasPermission(Permissions.SecurityAdministration)))
            {
                filter = (e => e.SampleAuthenticationType != "PowerUser");
            }
            // Both PowerUser and SecurityAdministration: no filter is set,
            // so all rows are returned
        }

Using The Application

When users come to the application, they see an MVC landing page rather than the normal LightSwitch login. This allows you to implement other content or use this as a portal or a hub for multiple LightSwitch applications.

There is a Registration button for users to create new accounts and a Log in button (this functionality has been covered in detail in: Allow LightSwitch Users To Self-Register and Change Passwords Using MVC).

When you log in as a user in the Administrators role, you will see the Administration link.

The Administration page lets the application administrator create and manage users.

However, the roles should be set up first. Clicking the Edit Permissions and Roles button will allow you to do that.

Here roles can be created and edited.

Editing a role allows you to assign permissions to the role.

Returning to the main Administration screen allows us to edit a user…

Clicking the Edit Permissions and Roles button allows you to edit them.

You will note that you can only add and delete roles, not permissions. The actual permissions that a user has, based on the roles the user has been assigned, will display under Effective Permissions.

Clicking the LightSwitch Application link on the main page will navigate you to the LightSwitch application.

In the LightSwitch application, you can click on Sample Data to add or view data.

A user will only be able to see data they have permission for.

(Note: if a user adds data for a permission they don’t have, they will see the data initially, but not when they return to the page.)
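The note above shows that the filter only restricts what is read back, not what is written. The following stand-alone C# program is an added example, not code from the article or its download: it computes effective permissions as the union over a user's roles (as the Effective Permissions display does) and applies one rule to both the read path and the write path. It expresses the article's filter as a lookup table, which is a generalization; the `RowAccess` class, the role names and the sample rows are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed stand-in for the article's SampleData entity (not a LightSwitch type).
class SampleData { public int Id; public string SampleAuthenticationType; }

static class RowAccess
{
    // Row type -> permission needed to read or write it. This is the article's
    // filter as a table; row types not listed are open to every user.
    static readonly Dictionary<string, string> Required = new Dictionary<string, string>
    {
        ["PowerUser"] = "PowerUser",
        ["Admin"] = "SecurityAdministration",
    };

    // Effective permissions: the union of the permissions of every assigned role.
    public static HashSet<string> Effective(
        IEnumerable<string> roles, IDictionary<string, string[]> rolePermissions) =>
        new HashSet<string>(roles.SelectMany(r =>
            rolePermissions.TryGetValue(r, out var p) ? p : new string[0]));

    // Single rule used by both the read path and the write path.
    public static bool IsAllowed(string rowType, ISet<string> permissions) =>
        !Required.TryGetValue(rowType, out var needed) || permissions.Contains(needed);

    public static IEnumerable<SampleData> Visible(IEnumerable<SampleData> rows, ISet<string> perms) =>
        rows.Where(r => IsAllowed(r.SampleAuthenticationType, perms));
}

static class Program
{
    static void Main()
    {
        // Constructed roles and rows.
        var rolePermissions = new Dictionary<string, string[]>
        {
            ["Staff"] = new string[0],
            ["Managers"] = new[] { "PowerUser" },
        };
        var rows = new[] { "User", "PowerUser", "Admin" }
            .Select((t, i) => new SampleData { Id = i + 1, SampleAuthenticationType = t });
        var perms = RowAccess.Effective(new[] { "Staff", "Managers" }, rolePermissions);
        // Read path: ids of the rows this user may see.
        Console.WriteLine(string.Join(",", RowAccess.Visible(rows, perms).Select(r => r.Id)));
        // Write path: refuse the insert up front instead of hiding the row later.
        Console.WriteLine(RowAccess.IsAllowed("Admin", perms));
    }
}
```

In a LightSwitch data service, the write-side call to `IsAllowed` would belong in the entity set's save-pipeline methods (for example `SampleDatas_Inserting`), which this page does not show; that placement is an assumption.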

Special Thanks

This article would not be possible without the code and information provided by Dale Morrison (@dale_mo/blog.ofanitguy.com) (however, any problems or issues are my own).

Notes

  • The code covered here only works with Forms Authentication.
  • While the code will work in Visual Studio debug mode, to properly test out the application, you will need to publish it. The reason is that in Visual Studio debug mode you are always TestUser, even if you log in as another user.
  • If you have enabled SharePoint in your LightSwitch application, then the user management is handled by SharePoint. For more information see Using the Person Business Type.
  • This code is just an example. As always, there is no warranty of any kind. Use at your own risk.

Links

Beginning LightSwitch in VS 2013 Part 5: May I? Controlling Access with User Permissions

How to Assign Users, Roles and Permissions to a LightSwitch HTML Mobile Client

Using LightSwitch ServerApplicationContext and WebAPI to Get User Permissions

Creating Permissions in LightSwitch

Integrating LightSwitch Into An ASPNET Application To Provide Single Sign On

Allow LightSwitch Users To Self-Register and Change Passwords Using MVC

Using MVC With Visual Studio LightSwitch

Download Code

The LightSwitch project is available at http://lightswitchhelpwebsite.com/Downloads.aspx

(you must have Visual Studio 2013 (or higher) installed to run the code)


5 comment(s) so far...


Re: An HTML MVC LightSwitch Security Administration

Hi,

The downloaded solution doesn't open in Visual Studio 2013 Professional as:
Package 'Microsoft.VisualStudio.TeamFoundation.VersionControl.HatPackage, Microsoft.VisualStudio.TeamFoundation.VersionControl, Version=12.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' failed to load.

All three projects fail to load.

Regards
Steve

By swomble on   5/28/2015 2:45 AM

Re: An HTML MVC LightSwitch Security Administration

@swomble - re-install the Team Explorer for VS 2013. http://www.microsoft.com/en-us/download/details.aspx?id=40776

By Michael Washington on   5/28/2015 4:05 AM

Re: An HTML MVC LightSwitch Security Administration

Hi Michael, thank you so much for sharing your LS knowledge and insight (I also bought your book). While the future of the Silverlight part of LS is pretty clear, the future of the HTML Client side of LS holds much potential. I got this HTML admin example to run in VS 2015 and it works well in local debug mode. But when I publish it online, I cannot get the "Administration" link to appear when I log on as an LS administrator. I think I tried everything to try to make it work online, but to no avail. Any suggestions would be appreciated, thank you.

By Lou on   9/26/2015 12:28 PM

Re: An HTML MVC LightSwitch Security Administration

@Lou - It works because I have used this on several projects. The only thing I can suggest is to run Fiddler (http://www.telerik.com/fiddler) and see if there is anything that is not loading correctly. You can also post a message to https://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=lightswitch and then let me know where you posted on the forum and I can try to help you there (these blog comments are not good for that sort of thing).

By Michael Washington on   9/26/2015 12:32 PM

Re: An HTML MVC LightSwitch Security Administration

Thanks Michael for the quick reply. I submitted a post in the forum that you sent me to entitled: "An HTML MVC LightSwitch Security Administration - Administration Issue".

By Lou on   9/26/2015 11:33 PM
