New Tool to Manage Users and Roles for ASP.NET Membership Provider Based Form Based Authentication (FBA)


It’s a nightmare to create users for FBA, isn’t it? – There are several tools out there, but some does not work as expected oder you need to install .NET 4 on a server just to run a simple ASP.NET app that does this job.

In the last 32 minutes ( 😉 ) I created a simple .NET 3.5 based command line tool that enables me (and you) to create and “manage” users for Form Based Authentication.

You can use the tool in the classic command shell, in a batch or in a PowerShell script. – I’ll translate it to plain PowerShell.

 

There is no syntax check of special error handling!

 

After download you need to modify the “ikfbatool.exe.config” file and modify this line:

<add name="aspnetdb" connectionString="Data Source=sps2010;Integrated Security=SSPI;Initial Catalog=aspnetdb"/>

 

Commands:

Action Command Parameter
Create User cu <username> <password> <email> <question> <answer>
Create Role cr <rolename>
List Users lu (none)
List Roles lr (none)
Add User to Role au <username> <rolename>
List User Roles ur <username>
Remove User from Role rr <username> <rolename>
Delete Uer du <username>
Delete Role dr <rolename>
Reset Password rp <username> [<answer>]
Unlock User un <username>

 

Usage samples:

image

 

You can download the VS 2010 project here:

http://gallery.technet.microsoft.com/sharepoint/Tool-to-Manage-Users-and-c75591c4

 

Or you create your own Visual Studio 2010 Console Application project (.NET 3.5) and past the following code into “program.cs”. You need to add a reference to System.Web.

 

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web.Security;

namespace ik.SharePoint2010.fbatool
{
    class Program
    {
        static void Main(string[] args)
        {
            try
            {
                if( args.Length < 1 )
                {
                    Console.WriteLine(@"
WRITTEN BY INGO KARSTEIN 
No warranty. Provided as ""as is"". Use it at your own risk!

-------------------------------------------------------------------
#create user
cu username password email question answer 

-------------------------------------------------------------------
#create role
cr rolename

-------------------------------------------------------------------
#list users
lu

-------------------------------------------------------------------
#list roles
lr

-------------------------------------------------------------------
#add user to role
ar username rolename

-------------------------------------------------------------------
#list user roles
ur username

-------------------------------------------------------------------
#delete user
du username

-------------------------------------------------------------------
#delete role
dr rolename

-------------------------------------------------------------------
#delete user from role  (""role remove"")
rr username rolename

-------------------------------------------------------------------
#reset password
rp username 
------------------------------------------------------------------- #unlock user (""UNlock user"") un username "
); return; } if( args[0] == "cu" ) { MembershipCreateStatus status; Membership.CreateUser(args[1], args[2], args[3], args[4], args[5], true, out status); Console.WriteLine(status.ToString()); } if( args[0] == "cr" ) { Roles.CreateRole(args[1]); } if( args[0] == "lu" ) { foreach( MembershipUser u in Membership.GetAllUsers() ) { Console.WriteLine(u.UserName); } } if( args[0] == "au" ) { Roles.AddUsersToRole(new string[] { args[1] }, args[2]); } if( args[0] == "ur" ) { foreach( var u in Roles.GetRolesForUser(args[1]) ) { Console.WriteLine(u); } } if( args[0] == "du" ) { Membership.DeleteUser(args[1]); } if( args[0] == "dr" ) { Roles.DeleteRole(args[1]); } if( args[0] == "rr" ) { Roles.RemoveUserFromRole(args[1], args[2]); } if( args[0] == "rp" ) { if( string.IsNullOrEmpty(args[2]) ) Console.WriteLine(Membership.GetUser(args[1]).ResetPassword()); else Console.WriteLine(Membership.GetUser(args[1]).ResetPassword(args[2])); } if( args[0] == "un" ) { Membership.GetUser(args[1]).UnlockUser(); } if( args[0] == "lr" ) { foreach( var u in Roles.GetAllRoles() ) { Console.WriteLine(u); } } } catch( Exception ex ) { var c = Console.ForegroundColor; Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine(ex.Message); Console.ForegroundColor = c; } } } }

Now you need to add and configure a “Application Config File” (app.config) with the following content:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings/>
  <connectionStrings>
    <add name="aspnetdb" connectionString="Data Source=sps2010;Integrated Security=SSPI;Initial Catalog=aspnetdb"/>
</connectionStrings> <system.web> <membership defaultProvider="MembershipProvider"> <providers> <clear/> <add name="MembershipProvider" connectionStringName="aspnetdb" passwordAttemptWindow="10" enablePasswordRetrieval="false" enablePasswordReset="true" applicationName="/" passwordFormat="Hashed" minRequiredNonalphanumericCharacters="0" passwordStrengthRegularExpression="" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" minRequiredPasswordLength="3" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/> </providers> </membership> <roleManager enabled="true" defaultProvider="RoleManager" > <providers> <clear/> <add name="RoleManager" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, publicKeyToken=b03f5f7f11d50a3a" connectionStringName="aspnetdb" applicationName="/"/> </providers> </roleManager> </system.web> </configuration>

 

You need to manipulate the yellow marked line to meet your system configuration.

The “aspnetdb” you have previously created with “aspnet_regsql.exe”. – You should be able to use any other ASP.NET MemberShip provider.

Advertisements

3 thoughts on “New Tool to Manage Users and Roles for ASP.NET Membership Provider Based Form Based Authentication (FBA)

  1. Thanks, exactly where I was looking for! I do have one question, is it possible to add the users Full Name besides the username?

    1. 😉

      With writing the article and doing some improvements it took me some minutes more. 🙂 But initially it was a quick job.

      Thanks for your comment!

      Kind regards
      Ingo

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s