Roles and Access Control

The Sample Provisioning UI Framework includes a new class, MPSWebUIRoleProvider, that inherits methods from System.Web.Security.RoleProvider. MPSWebUIRoleProvider overrides the following elements:

To learn more about System.Web.Security.RoleProvider, see the following pages:

Table: Roles for Microsoft Provisioning System (MPS) Sample Provisioning User Interface

Role description Role abbreviation
Hosting Admin HA
Reseller organization Admin RA
Customer organization Admin CA
Customer organization User CU
Authenticating users

The role provider will also perform the task of authenticating users. In case an invalid user logs on (either invalid user name or invalid password) the following exception will be thrown:

<response>
<errorContext description="Logon failure: unknown user name or bad password." code="0x8007052e" executeSeqNo="3">
  <errorSource namespace="Active Directory Provider" procedure="Make Path Domain Controller Specific" /> 
  <errorSource namespace="Preferred DC Active Directory Provider" procedure="Search" /> 
  <errorSource namespace="Hosted Active Directory" procedure="GetCallerUiRoles" /> 
  </errorContext>
  </response>

The error message contained in the description attribute will be displayed to the user in the login page. If no exception is thrown we can extract the role of the logged in user.

Depending upon the logged in user and the assigned role, the user will be able to perform various operations.

[an error occurred while processing this directive]