How To: Working With Roles

Summary

If you need to restrict access to the resources that your applications share with your users, role-based access control offers a control mechanism based on privileges granted to specific roles.
The Identity Hub allows you to create roles and assign them at either application level or user level.
The privileges granted to a given role should be defined in your applications.

In this topic you will learn how to create roles and how to assign them to users and applications.
You will also learn how to work with roles in your applications using the SDKs.

Contents

  • Objectives
  • Summary of Steps
  • Step 1 - Create a Role
  • Step 2 - Assign a Role to a User
  • Step 3 - Assign a Role to an Application
  • Step 4 - Use the SDKs to get the Roles of a User

Objectives

  • Work with roles in your applications

Summary of Steps

  • Step 1 - Create a Role
  • Step 2 - Assign a Role to a User
  • Step 3 - Assign a Role to an Application
  • Step 4 - Use the SDKs to get the Roles of a User

Step 1 - Create a Role

In this step you will create a Role.

  • Navigate to the Roles Admin Page and click on New.

  • Provide the following information
    • Name: The name of the role.

  • Click Save. You are taken to the list of roles, which now shows the newly created role.


Step 2 - Assign a Role to a User

In this step we will assign one or more roles to a User.

When your app requests the roles of a user, only the roles that are selected for the app (the roles the app is interested in or uses) are returned. See "Step 3 - Assign a Role to an Application".

  • Navigate to the Users Admin Page.

  • Click any of the users to go to the User's detail page.

  • In the left navigation click the Roles tab.

  • A list of available roles is displayed.

  • Check the roles you want to assign to the user and click Save.

  • The roles are now assigned to the user.


Step 3 - Assign a Role to an Application

In this step we will assign one or more roles to an application.

For more information about Apps see How To: What is an App?.

Applications might not be interested in all the available roles. To limit the roles that are returned when an application requests the roles of a user, assign only the roles that the application works with.

  • Navigate to the Apps Admin Page.

  • Click any of the apps to go to the App's detail page.

  • In the left navigation click the Roles tab.

  • A list of available roles is displayed.

  • Check the roles you want to assign to the App and click Save.

  • The roles are now assigned to the App.
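
The combined effect of Steps 2 and 3, and one way to define the privileges of each role inside your application, shown as an added example (not code from The Identity Hub or its SDKs). The role names, privilege names and the use of plain role-name strings are assumptions; the page does not show the shape of the data the SDKs return.

```javascript
// Added example: not part of The Identity Hub SDKs.
// Assumption: roles are handled as plain role-name strings.

// Constructed sample data (hypothetical role names).
const userRoles = ["Administrator", "Editor", "Auditor"]; // Step 2: checked for the user
const appRoles = ["Editor", "Auditor", "Reviewer"];       // Step 3: checked for the app

// Models the filtering described in Steps 2 and 3: the app only receives
// roles that are assigned to the user AND selected for the app.
function rolesReturnedToApp(userRoles, appRoles) {
  const selected = new Set(appRoles);
  return userRoles.filter((role) => selected.has(role));
}

// The application defines which privileges each role grants (hypothetical names).
const ROLE_PRIVILEGES = Object.freeze({
  Editor: ["article:read", "article:write"],
  Auditor: ["article:read", "log:read"],
});

// Deny by default: a missing role list, a role the app has no mapping for,
// or a privilege no role grants all result in "not allowed".
function hasPrivilege(roles, privilege) {
  if (!Array.isArray(roles)) return false;
  return roles.some((role) => {
    // Own-property check so names such as "constructor" never match
    // something inherited from Object.prototype.
    const granted = Object.prototype.hasOwnProperty.call(ROLE_PRIVILEGES, role)
      ? ROLE_PRIVILEGES[role]
      : [];
    return granted.includes(privilege);
  });
}

const roles = rolesReturnedToApp(userRoles, appRoles);
console.log(roles);                                // [ 'Editor', 'Auditor' ]
console.log(hasPrivilege(roles, "article:write")); // true
console.log(hasPrivilege(roles, "user:delete"));   // false
```

With the AngularJS and jQuery SDKs a check like this runs in the browser, so it can only decide what the UI shows; the server that owns the resource has to make the same decision itself.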


Step 4 - Use the SDKs to get the Roles of a User

In this step we will use the SDKs to get the roles of a user.

To install the NuGet Package search for TheIdentityHub.Windows81 in the NuGet Package Manager.


// Your ClientId
var clientId = "[YOUR_CLIENT_ID]";

// Your base URL
var baseUrl = new Uri("https://www.theidentityhub.com/{tenant}");

// Initialize
var identityService = new IdentityService(clientId, baseUrl);

// Authenticate
if(await identityService.TryAuthenticateAsync())
{
    // Get profile info.
    var profile = await identityService.GetProfileAsync();

    // Get friends info.
    var friends = await identityService.GetFriendsAsync();

    // Get roles info.
    var roles = await identityService.GetRolesAsync();
}

To install the NuGet Package search for TheIdentityHub.WindowsDesktop in the NuGet Package Manager.


// Your ClientId
var clientId = "[YOUR_CLIENT_ID]";

// Your base URL
var baseUrl = new Uri("https://www.theidentityhub.com/{tenant}");

// Initialize
var identityService = new IdentityService(clientId, baseUrl);

// Authenticate
if(await identityService.TryAuthenticateAsync())
{
    // Get profile info.
    var profile = await identityService.GetProfileAsync();

    // Get friends info.
    var friends = await identityService.GetFriendsAsync();

    // Get roles info.
    var roles = await identityService.GetRolesAsync();
}

To install the AngularJS SDK, run the following bower command in a command prompt


    bower install theidentityhub-angular

    angular.module('[YOUR_APP_NAME]', ['identityHub'])
        .config(function (identityServiceProvider) {
            identityServiceProvider.config({
                baseUrl: "https://www.theidentityhub.com/{tenant}",
                clientId: "[YOUR_CLIENT_ID]",
                redirectUri: "[YOUR_REDIRECT_URI]",
                popup: false
            });
        });

    identityService.signIn();
    identityService.getRoles();

How To: Sign into your AngularJS App with The Identity Hub

To install the jQuery SDK, run the following bower command in a command prompt


    bower install theidentityhub-jquery

    $.identityService.config({
        baseUrl: "https://www.theidentityhub.com/{tenant}",
        clientId: "[YOUR_CLIENT_ID]",
        redirectUri: "[YOUR_REDIRECT_URI]",
        popup: false
    });

    identityService.signIn();
    identityService.getRoles();

How To: Sign into your AngularJS App with The Identity Hub

To install the NuGet Package search for TheIdentityHub.AspNet in the NuGet Package Manager.

Getting Profile Information from Claims

If your ASP.NET site uses The Identity Hub as a WS-Federation Identity Provider you can use the following code to get the information passed as Claims.

using TheIdentityHub;
var displayName = this.User.DisplayName();
var smallPicture = this.User.SmallPicture();
var emailAddresses = this.User.EmailAddresses();
var roles = this.User.Roles();
...
             

Initialize the Identity Service


// Your ClientId
var clientId = "[YOUR_CLIENT_ID]";
// Your base URL
var baseUrl = new Uri("https://www.theidentityhub.com/{tenant}");
// Initialize
var identityService = new IdentityService(clientId, baseUrl);
                     
If you use the constructor as done above, the SDK will try to get the Access Token from the access token claim on the current principal. If no such claim is found, an error will be thrown.

If you want to specify your own token, use the constructor as shown below.

Set AccessToken


// Access Token
var accessToken = "546465qzer-Lm";
// Initialize
var identityService = new IdentityService(clientId, baseUrl, accessToken);
                     

Getting Role Information


// Get role info.
var roles = await identityService.GetRolesAsync();
                     

ASP.NET Server Side SDK