I have added a user and assigned him to a role, when I use Membership.GetAllUsers() it returns none


Side note: I am using vs2013 express and have installed nothing else.

I am building an intranet site with the following authentication/authorisation goals:

  • Custom roles using the Roles class
  • No need for logging in; if you are signed into Windows, then you're allowed to see the app
  • Be able to use [Authorise(Roles="Admin")] kind of attributes
  • Be able to manage the Users (Create/Delete/List/Edit) from a UserManagement page.

I have been following this: http://weblogs.asp.net/scottgu/archive/2006/07/23/Recipe_3A00_-Implementing-Role-Based-Security-with-ASP.NET-using-Windows-Authentication-and-SQL-Server.aspx

but I'm not sure how to Create / List out the users... this is what I have so far:


Web.config bits:

<authentication mode="Windows"></authentication>

<authorization>
  <deny users="?" />
</authorization>

<roleManager enabled="true" defaultProvider="SqlRoleManager">
  <providers>
    <clear/>

    <add name="SqlRoleManager"
         type="System.Web.Security.SqlRoleProvider"
         connectionStringName="EFDbContext"
         applicationName="TEST" />

  </providers>
</roleManager>

<membership defaultProvider="SqlProvider"
  userIsOnlineTimeWindow="15">
  <providers>
    <add
      name="SqlProvider"
      type="System.Web.Security.SqlMembershipProvider"
      connectionStringName="EFDbContext"
      applicationName="TEST"
      enablePasswordRetrieval="false"
      enablePasswordReset="true"
      requiresQuestionAndAnswer="true"
      requiresUniqueEmail="false"
      passwordFormat="Hashed"
      maxInvalidPasswordAttempts="5"
      passwordAttemptWindow="10" />
  </providers>
</membership>

I added my first user in Global.asax like this:

        if(!Roles.RoleExists("Admin"))
        { 
            Roles.CreateRole("Admin");
            Roles.AddUserToRole(@"JIMMYT1988\jimmyt1988", "Admin");
        }

The user and role are working because if I block access to Admin, I'm allowed in, whereas if I created the user without adding the role, he wasn't allowed access... so that's all good and working.

This is me blocking access to only the role of Admin:

[Authorize(Roles = "Admin")]
public class UserController : Controller
{
    private IUserRepository repository;

    public UserController(IUserRepository repo)
    {
        repository = repo;
    }

    public PartialViewResult List()
    {
        IEnumerable<User> users = repository.Users;

        UserListViewModel viewModel = new UserListViewModel();
        viewModel.Users = users;
        viewModel.TotalUsers = Membership.GetNumberOfUsersOnline().ToString();

        return PartialView(viewModel);
    }
}

So I am assuming the user and role of admin are working correctly and I can see the entries in the database... The above controller is part of an abstract -> concrete mapping for specifically membershipprovider users... but I have debugged on the GetAllUsers line and that actually returns the empty list; it's not the mapping going wrong.

Finally I call this:

            MembershipUserCollection users = Membership.GetAllUsers();

which returns no users.

Any idea?

Answer by Josh Darnell:

First you need to create your user using the static Membership.CreateUser method:

MembershipUser newUser = Membership.CreateUser(@"JIMMYT1988\jimmyt1988", "password");

And then you can add that user to the role.

Regarding your comment:

How do I go about creating a user that doesn't need a password and yet still be able to list the users out?

I'm not positive, but I think you can set the password related Membership properties to have "0" be the "required length" of a password.

You can add this to the membership section of your web.config:

minRequiredPasswordLength="0"
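
An added example, not part of the original question or answer and not either poster's code: under Windows authentication the accounts are authenticated by Windows, and SqlRoleProvider stores the account name for role lookups without creating a SqlMembershipProvider record, so one way to list the managed users without storing a password for them is to enumerate them through the role provider. `RoleUserDirectory` and `ListUsersWithRoles` are hypothetical names, and the example assumes every managed user belongs to at least one role.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Security;

// Added example (hypothetical helper, not from the original post).
// Builds a "user -> roles" listing from the configured role provider,
// so no Membership record (and no stored password) is needed for
// accounts that Windows already authenticates.
public static class RoleUserDirectory
{
    public static IDictionary<string, IList<string>> ListUsersWithRoles(RoleProvider provider)
    {
        if (provider == null) throw new ArgumentNullException("provider");

        // Windows account names (DOMAIN\user) are case-insensitive,
        // so compare them that way to avoid duplicate entries.
        var result = new SortedDictionary<string, IList<string>>(
            StringComparer.OrdinalIgnoreCase);

        foreach (string role in provider.GetAllRoles())
        {
            foreach (string user in provider.GetUsersInRole(role))
            {
                IList<string> roles;
                if (!result.TryGetValue(user, out roles))
                {
                    roles = new List<string>();
                    result[user] = roles;
                }
                roles.Add(role);
            }
        }
        return result;
    }
}

// Usage inside a controller action protected by [Authorize(Roles = "Admin")]:
//   var users = RoleUserDirectory.ListUsersWithRoles(Roles.Provider);
//   // users[@"JIMMYT1988\jimmyt1988"] contains "Admin" with the setup
//   // shown in the question.
```

Accounts that are in no role are not returned by this listing; if those must appear too, they need to be tracked somewhere other than the role store.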