I’m going to repost this series of “development tips” related to Commerce Server 2007 to help other folks get started with their development work. All of these “tips” come directly from what I’ve learned (the hard way) over the past eight months and are intended to save you time and effort. All code samples are now based upon the RTM version and have been tested in our production environment.

CS2007 now offers a custom ASP.NET 2.0 compatible membership provider (UpmMembershipProvider) for authentication and authorization. What’s still lacking, however, is a custom role provider, which is essential for most B2B scenarios. Finding this feature absent from the CTP and Beta builds, I did what any red-blooded American developer would do: I built it myself!

[Well almost by myself. I did get a ton of preview documentation from Brian Goldfarb and a role provider template from Joshua Flanagan, but I wrote almost ten lines of code myself to get it to work. That counts. Doesn’t it? (LOL)]

The source code to the Commerce Server 2007 UpmRoleProvider can be downloaded here.

The “heart” of the code is shown below and it’s amazingly simple to implement thanks to the new “Provider” model used by ASP.NET 2.0. I use the Commerce Server UserObject Profile to store the user’s “role” as the weakly-typed profile property GeneralInfo.user_role.

public override string[] GetRolesForUser(string username)
{
    // Throw an exception if the username is null or empty
    verifyParameter(username, "username");
    // Get the User Profile for the supplied username (the e-mail address is the lookup key)
    Profile userProfile = CommerceContext.Current.ProfileSystem.GetProfile("email_address", username, "UserObject");
    // No matching profile means no roles; never fall through to a null dereference
    if (userProfile == null)
        return new string[0];
    // Get the User Role value from the custom property in the modified UserObject profile.
    // Convert.ToString returns "" for a null or DBNull value instead of throwing.
    string userrole = Convert.ToString(userProfile.Properties["GeneralInfo.user_role"].Value);
    // Return an empty string array if the User Role property was not set
    // (an array holding "" would put the user in a role named "")
    if (String.IsNullOrEmpty(userrole))
        return new string[0];
    // else return the User Role in a string array
    return new string[] { userrole };
}

To make this work, you add the UpmRoleProvider.cs class file to your Commerce Server web site’s App_Code folder and add the following to its Web.Config file.

In any site sub-folder where you wish to limit access to a certain role (such as the “Admin” role), you simply add the following code to its Web.Config.
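
An added example, not the original post's own listing, of a Web.config that covers both steps above: registering the role provider and restricting a folder to one role. It assumes the provider class is named UpmRoleProvider with no namespace (compiled from App_Code) and that the restricted sub-folder is named "Admin"; the `<location>` element is used so both settings fit in the site's root Web.config.

```xml
<?xml version="1.0"?>
<!-- Added example. Assumptions: the provider class is UpmRoleProvider with no
     namespace (compiled from App_Code); the restricted sub-folder is "Admin". -->
<configuration>
  <system.web>
    <!-- Register the custom role provider and make it the default.
         cacheRolesInCookie="false" means a changed GeneralInfo.user_role is
         read from the profile again rather than served from a cached cookie. -->
    <roleManager enabled="true" defaultProvider="UpmRoleProvider" cacheRolesInCookie="false">
      <providers>
        <clear />
        <add name="UpmRoleProvider" type="UpmRoleProvider" />
      </providers>
    </roleManager>
  </system.web>

  <!-- Same effect as placing this <authorization> section in Admin/Web.config. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <!-- Rules are evaluated top-down and the first match wins,
             so the allow must come before the catch-all deny. -->
        <allow roles="Admin" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

The role name in `<allow roles="..."/>` must match the string stored in GeneralInfo.user_role, since that value is exactly what GetRolesForUser returns.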

The really cool thing about this is how it automatically enables SiteMap Security Trimming as I posted about several months ago. The result is pretty cool. If you belong to the “Admin” role, you can “see” all the menu choices as shown below.

If you belong to the “Normal User” role, you only “see” the appropriate menu choices as shown here.

Download the sample code and give it a try in your Commerce Server 2007 B2B site and let me know what you like and don’t like.

Special thanks to Brian Goldfarb and Joshua Flanagan for their guidance and sample code.
