AuthUser admin service

Jon P Smith edited this page Aug 18, 2021 · 21 revisions

The AuthP library contains an IAuthUsersAdminService service that provides various admin features for managing AuthP's users. This page describes these admin features and gives you some examples of how they might be used in an application.

NOTE: the code for the AuthRolesAdminService can be found here and has plenty of comments. Also, Example4's AuthUsersController contains fully working AuthP user admin methods / pages, but you have to log in as '[email protected]' or '[email protected]' to access all the admin features.

Here is a list of the various methods in the IAuthUsersAdminService, with example pages from Example4's AuthUsersController.

List AuthP's users

The IAuthUsersAdminService service contains the method called QueryAuthUsers(string dataKey = null). This method returns an IQueryable<AuthUser> query.

  1. If the dataKey is null, then the query will include all the AuthUsers in AuthP's database.
  2. But if you provide a dataKey, it will only return the users in the multi-tenant that matches the dataKey.

NOTE: Option 2 allows you to create an admin user who can only manage users within a specific multi-tenant group (see the Index method in Example4's AuthUsersController for an example of this approach).

The IQueryable<AuthUser> query allows you to select the specific parts of the AuthUser and its relationships to display to the admin user. In the Example4 application (which includes multi-tenant) I created an AuthUserDisplay class which returns the user's info, roles and tenant name. The screenshot below shows this listing when logged in as '[email protected]', which is linked to the "4U Inc." tenant.

AuthUsers List

Things to point out in this screenshot:

  • This example lists the email & username of each user
  • This example lists all the Roles of each user
  • Because Example4 is using a hierarchical multi-tenant database I included the Tenant? column. If you hover over / click the YES you get the full name of the tenant.

As you can see, this list of users also contains links to further admin features, which are described below. NOTE: the admin links are only shown if you have the correct Role / Permissions.

Finding a user

Sometimes you need to find a user via a string, say for showing data about a specific user. The IAuthUsersAdminService has two methods to do this: FindAuthUserByUserIdAsync(string userId) and FindAuthUserByEmailAsync(string email).

Both methods return a Task<IStatusGeneric<AuthUser>> result. If there are no errors (such as can't find the user), then you get the AuthUser with its UserRoles and UserTenant.

Synchronizing the AuthUsers

As described in the AuthUser explained section, the authentication provider's users are the master list of users. This means AuthP's user admin doesn't have a 'create a new AuthUser' method, but it has two sync methods that work together: a) a method that highlights differences between the authentication provider's users and the AuthP users, and b) a method that updates the AuthP database based on the differences found.

This synchronization relies on getting a list of all the users registered with your authentication provider. This requires you to build a service that implements ISyncAuthenticationUsers and to register that service with AuthP using the RegisterAuthenticationProviderReader<TSync> extension method. This is explained in the Startup code -> User Admin section.

NOTE: AuthP's sync code is very complex and building a front-end to use it is complex too. The Example4 application contains a complete implementation of the sync system. I recommend you study this to understand this example, and the extra class called AuthUserChange, before building your own version.

Displaying the user differences

The IAuthRolesAdminService service contains a method called SyncAndShowChangesAsync. This compares the authentication provider's users and the AuthP users and returns a list of SyncAuthUserWithChange classes which contain the differences. The screenshot is taken from Example4's AuthUser\SyncUsers page and shows the three types of differences:

  • Update: Email or username has changed in the user in the authentication provider database.
  • Add: New users have been added in the authentication provider list of users.
  • Remove: The AuthP users have a user that is (no longer) in the authentication provider database.

AuthUsers List

Things to point out in this screenshot:

  • If the "Update all" button (bottom left) is clicked, a method called ApplySyncChangesAsync is called, which automatically applies the required changes to the AuthP database (this method is explained in the next section).
  • To manually make a change, click the "Create" / "Update" / "Delete" button next to each difference.
  • To ignore a change, click the "Ignore" button, which changes the button to say "Ignored". This means this change entry will be ignored when the "Update all" button is clicked.
  • The sync information finds any changes, and in the Example4 implementation it uses Bootstrap's bg-warning color to show any changes.

NOTE: If the authentication UserName and Email are the same, then the sync code doesn't register a sync change if the AuthP user has a different UserName. This allows you to provide useful UserNames in the AuthP users.
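The three difference types listed above, together with the UserName rule in the NOTE, can be expressed in code as follows. This is an added illustration, not AuthP's own sync code: the ProviderUser, LocalUser, UserChange and SyncDiff types and the sample users are constructed for the example, and matching users by UserId is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed sample data: u1 has a custom AuthP UserName, u2 changed email,
// u3 is new in the provider, u4 no longer exists in the provider.
var provider = new ProviderUser[] { new("u1", "ann@example.com", "ann@example.com"),
    new("u2", "bob.new@example.com", "bob"), new("u3", "cat@example.com", "cat") };
var authpUsers = new LocalUser[] { new("u1", "ann@example.com", "Ann (Sales)"),
    new("u2", "bob@example.com", "bob"), new("u4", "dan@example.com", "dan") };
foreach (var c in SyncDiff.FindChanges(provider, authpUsers))
    Console.WriteLine($"{c.Change,-6} {c.UserId} {c.Email}");

// Stand-in types for this illustration; not AuthP's AuthUser / SyncAuthUserWithChange.
public record ProviderUser(string UserId, string Email, string UserName);
public record LocalUser(string UserId, string Email, string UserName);
public enum ChangeType { Add, Update, Remove }
public record UserChange(ChangeType Change, string UserId, string Email, string UserName);

public static class SyncDiff
{
    public static List<UserChange> FindChanges(
        IEnumerable<ProviderUser> providerUsers, IEnumerable<LocalUser> localUsers)
    {
        var local = localUsers.ToDictionary(u => u.UserId); // assumption: match on UserId
        var changes = new List<UserChange>();
        foreach (var p in providerUsers)
        {
            if (!local.Remove(p.UserId, out var existing))
                changes.Add(new UserChange(ChangeType.Add, p.UserId, p.Email, p.UserName));
            else if (IsDifferent(p, existing))
                changes.Add(new UserChange(ChangeType.Update, p.UserId, p.Email, p.UserName));
        }
        // Whatever is left locally is no longer in the authentication provider.
        changes.AddRange(local.Values.Select(u =>
            new UserChange(ChangeType.Remove, u.UserId, u.Email, u.UserName)));
        return changes;
    }

    private static bool IsDifferent(ProviderUser p, LocalUser l)
    {
        if (p.Email != l.Email) return true;
        // Rule from the NOTE: when the provider's UserName equals its Email,
        // a different UserName on the AuthP side is not reported as a change.
        if (p.UserName == p.Email) return false;
        return p.UserName != l.UserName;
    }
}
```

The Remove entries are the ones to review first, since they are AuthP users that still hold roles and a tenant link but no longer exist in the authentication provider.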

When the "Update all" button is clicked, the changes found by SyncAndShowChangesAsync are sent back as a list of SyncAuthUserWithChange classes. Then the ApplySyncChangesAsync method is called with that list. The method applies the changes in the SyncAuthUserWithChange classes to the AuthP user database and returns a message saying what it did.

That's simple to call, but building the ASP.NET Core Controller / Pages is quite complex. I recommend you look at the Example AuthUserController document, where I describe how I implemented the sync and manual editing of AuthUsers in the Example4 application.

Manually editing users in the sync users display

As you saw in the sync users screenshot you can manually edit any user. The "Delete" button is obvious, the "Edit" could be an add or edit. By calling the

Direct editing of an AuthUser

The IAuthUsersAdminService service contains the following methods to create / alter an AuthUser:

  • AddNewUserAsync(string userId, string email, string userName, List<string> roleNames, string tenantName = null)
  • UpdateUserAsync(string userId, string email, string userName, List<string> roleNames, string tenantName = null)
  • AddRoleToUser(AuthUser authUser, string roleName)
  • RemoveRoleToUser(AuthUser authUser, string roleName)
  • DeleteUserAsync(string userId)
