Search This Blog

Friday, June 25, 2010

SharePoint-MemberShip(Create User with Roles assign to Programatically)

MembershipCreateStatus status;
MembershipUser user = Membership.CreateUser(username, password, email, "Not used", "Not used", true, out status);

SPWeb portalweb = SPContext.Current.Web;

if(portalweb != null) {
SPWeb site = SPContext.Current.Site.RootWeb;
SPRoleDefinitionCollection roleDefinitions = site.RoleDefinitions;
SPRoleAssignmentCollection roleAssignments = site.RoleAssignments;

SPRoleAssignment roleAssignment =
new SPRoleAssignment(username, email, username, "myNotes");

SPRoleDefinitionBindingCollection roleDefBindings = roleAssignment.RoleDefinitionBindings;


Using applications: MOSS 2007, .Net Framework 3.5, SQL Server 2005.

1. SharePoint site is using Forms Based Authentication (FBA) as the Authentication Provider (SQL Server membership provider).
2. Sub sites are created under the parent SharePoint site/Site Collection through a .Net web service using SharePoint SDK.
3. Groups and users are created as follows.

Example: This is the high level code sample taken from the code base

using (SPSite spSite = new SPSite(siteURL))
using (SPWeb parentWeb = spSite.OpenWeb())
if (parentWeb.Webs[siteName].Exists)
using (SPWeb spWeb = parentWeb.Webs[siteName])
spWeb.AllowUnsafeUpdates = true;

//Create new user
MembershipUser membershipUser = Membership.GetUser(userId);

if (membershipUser == null)
membershipUser = Membership.CreateUser(userId, "password", eMail, passwordQuestion, passwordAnswer, isApproved, out status);

//Ensure user in SP site
SPUser newUser = spWeb.EnsureUser(userId);

//Create SP Group
spWeb.SiteGroups.Add(groupName, spWeb.ParentWeb.AssociatedOwnerGroup, null, string.Format("This group is automatically created from the site:{1}", spWeb.Url, spWeb.Name));

spGroup = spWeb.SiteGroups[groupName];

if (spGroup != null)
//Assigining permission to the SP group
SPRoleAssignment roleAssignment = new SPRoleAssignment(spGroup);
SPRoleDefinition roleDefinition = spWeb.RoleDefinitions[roleDefinitionLevel]; //Ex: "Full Control", "Read"

//Adding user to SP Group

spWeb.AllowUnsafeUpdates = false;


1. There are 2 groups available in the sub site;
1. “Admin user group” with “Full Control” privilege.
2. “General user group” with “Read” privilege.


1. Even though login user exists in the membership data store (created from “ “aspnet_regsql.exe”) and SharePoint Site’s Users, some times the logged in user (General User example: “USER X”) doesn’t get authenticated and it’s redirected to “Access Denied” page.
Just after this happens;

o If we logged in as “Admin User” and then sign out

o Then tried to logged in as “USER X” it’s get authenticated and redirected to the “default.aspx” page

1. But if the general user tries to re login after sometime (maximum about 8 hrs) it’s denied. We cannot monitor and come up with exact time duration of the login expiration of “USER X” as it’s rapidly changes.

No comments:

Post a Comment