AuthUser admin service
The AuthP library contains a IAuthUsersAdminService service that contains various admin features for managing AuthP's users. This page describes these admin features and give you some examples of how they might be used in an application.
NOTE: the code for the AuthRolesAdminService can be found here and has plenty of comments. Also the Example4's AuthUsersController contains a fully working AuthP users admin methods / pages, but you have to log in as '[email protected]' or '[email protected]' to access all the admin features.
Here is a list of the various methods in the IAuthUsersAdminService, with example pages from Example4's AuthUsersController.
The QueryAuthUsers(string dataKey = null) will return an IQueryable<AuthUser> query. If the datakey is null, then the query will include all the AuthUsers in the AuthP's database. But if you provide a datakey it will only return the users in the multi-tenant that matches the datakey. This allows you to create an admin user who can only manage users within a specific multi-tenant group (see the Index method in Example4's AuthUsersController for an example of this approach).
The IQueryable<AuthUser> query allows you to select the specific parts of the AuthUser and its relationships to display to the the admin user. In the Example4 application (which includes multi-tenant) I created a AuthUserDisplay class which returned the user's info, roles and tenant name. The screenshot below shows this listing when logged in as the '[email protected]', which is linked to the "4U Inc." tenant.
Things to point out in this screenshot:
- It lists the email & username of each user
- It lists all the Roles of each user
- Because Example4 is using hierarchical multi-tenant database I included the Tenant? column. It you hover / click the YES you get the full name of the tenant.
As you can see, this list of users also contains links to further admin features which are described below. NOTE: the admin links are only shown if your have the correct Role / Permissions.
Sometime you to need to find a user via a string, say for showing data about a specific user. The IAuthUsersAdminService has two methods to do this, which are: FindAuthUserByUserIdAsync(string userId) and FindAuthUserByEmailAsync(string email).
Both methods return a Task<IStatusGeneric<AuthUser>> result. If there are no errors (such as can't find the user), then you get the AuthUser with its UserRoles and UserTenant.
In the AuthUser explained section authentication provider's users are the master list of users. This means AuthP' user admin doesn't have a 'create a new AuthUser' method, but it has two sync methods that works together to a) highlight differences between the authentication provider's users and the AuthP users, and b) a method to update the AuthP database based on the found differences.
NOTE: AuthP's sync code is very complex and building a front-end to use it is complex too. The Example4 application contains a complete implementation of the sync system. I recommend you study this to understand this example, and the extra class called AuthUserChange class, before building your own version.
The IAuthRolesAdminService service contains a method called SyncAndShowChangesAsync. This compares the authentication provider's users and the AuthP users and returns a list of SyncAuthUserWithChange classes which contains the differences. The screenshot is taken from Example4's AuthUser\SyncUsers page showing the three types of differences:
- Update: Email or username has changed in the user in the authentication provider database.
- Add: New users have been added in the authentication provider list of users.
- Remove: The AuthP users have a user that is (no longer) in the authentication provider database.
Things to point out in this screenshot:
- If the "Update all" button (bottom left) is clicked a method called
ApplySyncChangesAsyncis called, which automatically apply the required changes to the AuthP database (This is method is explained in the next section). - To manually make a change, then click the "Edit this" button next to each difference.
- To ignore a change, then click the "Ignore this" button. This will change the button to "Ignored" and clicking the "Update all" button will ignore this.
- Example4 uses BootStrap's bg-warning color to show any changes.
When the "Update all" button is clicked the changes found by the SyncAndShowChangesAsync is sent back as a list of SyncAuthUserWithChange classes. Then the ApplySyncChangesAsync method is called, with the list of SyncAuthUserWithChange classes. The method then applies the changes in the SyncAuthUserWithChange classes to the AuthP user database and returns a message saying what it did.
That's pretty simple, but it relies on ASP.NET Core to return the information needed.
The IAuthUsersAdminService service contains the following method to alter an 'AuthUser`:
ChangeUserNameAndEmailAsync(AuthUser authUser, string userName, string email)AddRoleToUser(AuthUser authUser, string roleName)RemoveRoleToUser(AuthUser authUser, string roleName)ChangeTenantToUserAsync(AuthUser authUser, string tenantFullName)DeleteUserAsync(string userId)