none
creating multiple windows users in web app

    Question

  • Is there a way to create accounts for 2000 employees in a batch or bulk mode?  I cannot find any information on this in the forum.  I created an LS web app and am using windows authentication but need to create all the employees.  Is this done with a SQL script, importing a CSV, etc. or some other means or is it not possible and I have to create 2000 employees manually?

    Scott

    Monday, March 12, 2012 6:04 PM

Answers

  • Hi Scott,

    Ravi's suggestion of using AD security groups is the best solution for this but this is a feature of LightSwitch in the VS 11 Beta release.  Not sure if you're able to use that version.  In the first release of LightSwitch, however, security groups are not supported.

    So the alternative is to use an API that is provided in the LightSwitch runtime, both on the client and server.  It's called the SecurityData service and it's exposed from the DataWorkspace object via the SecurityData property.  You can use this service in the same way as you do with the service that is generated when you define your own entities.  Here's an example of how it can be used:

    UserRegistration user = this.DataWorkspace.SecurityData.UserRegistrations.AddNew();
    user.UserName = "DOMAIN\\user";
    this.DataWorksapce.SecurityData.SaveChanges();

    Then it's just a matter of writing the code in such a way that it can consume your list of users.  This might be done by creating a screen that has a screen property of type string that is bound on the screen with a textbox.  You could then paste your list of users into the textbox and have a button which would execute your custom code.  That code would parse the text and create users like I show above.

    Wednesday, March 14, 2012 2:00 PM

All replies

  • Hi Scott,

    Perhaps you could use Active Directory?  http://code.msdn.microsoft.com/windowsdesktop/LightSwitch-Active-5092eaa8.  If not, you may be able to generate a SQL script to add the employess directly to the database or use an Excel data import tool like http://code.msdn.microsoft.com/silverlight/Excel-Importer-for-Visual-61dd4a90.

    Regards,

    Burt

    Monday, March 12, 2012 6:14 PM
  • Do you have an example of a SQL script that would perform this function?  I don't know of any way to access the "users" administration screen from the LS interface?  That is where it seems like it would need to be for an excel import?

    Scott

    Tuesday, March 13, 2012 3:09 PM
  • Scott, I would like to understand your scenario.

    As Burt mentioned, if the the employees you mentioned are part of Active Directory then the best approach is to use Windows authN. Looks like you are already using Windows authentication.

    If these employees are not part of Active Directory then you should be using Forms authentication. In this case you will have to manually enter or create a script that can create employee account for the LightSwitch application. Let us not explore this route.

    On the Access Control tab, where you enable Windows authentication, you can notice that there is a permission designer (table). In this there is a permission called "Security Administration". The last column in against this permission is "Granted for debug". Check this box and then F5. Now in the runtime you will notice 'Administrator' menu in the navigation pane. Under this menu there should be Users/Role screen. Explore the options available on these screens. On Users screen, you can add a user who is part of the Active Directory. To this user you can assign role and do the permission mapping as required for your application. Please explore this and let me know.

    Tuesday, March 13, 2012 5:56 PM
    Moderator
  • I thoroughly understand about the users and roles screens and how to add a single user from AD on the Administration menu.  I am asking about creating 2000 users (I would have to add them individually which would take forever).  The GUI allows me to add a single user quite easily, but there appears to be no "import" from a CSV available on the "users" screen (or way to edit the users screen in the GUI) and no SQL example script which can make this ingestion of users easier?

    Does that make sense?

    Scott

    Tuesday, March 13, 2012 6:03 PM
  • Thanks Scott. Yes, there is no easy way to add multiple users as you described.

    Let us find a solution. Are you re-creating these users? Does the user info exist in some tables or are these users already in Active Directory?

    If the users are in Active Directory then we have a good solution. LightSwitch applications support Security Groups. (http://technet.microsoft.com/en-us/library/bb727067.aspx)

    In the users screen, you can just add the Security Group (similar to adding a user) and assign a role. Now all members of the Security Group will inherit the assigned role (and permissions assigned to that role). You will not have to add each member of the Security Group individually. Please explore this option.

    If the users are not in Active Directory then you will have to explore the option of creating a SQL script that can bulk transfer the user info. It may also be possible to implement a customer authentication provider that can connect to your existing database of users.

    Tuesday, March 13, 2012 6:23 PM
    Moderator
  • Hi Scott,

    Ravi's suggestion of using AD security groups is the best solution for this but this is a feature of LightSwitch in the VS 11 Beta release.  Not sure if you're able to use that version.  In the first release of LightSwitch, however, security groups are not supported.

    So the alternative is to use an API that is provided in the LightSwitch runtime, both on the client and server.  It's called the SecurityData service and it's exposed from the DataWorkspace object via the SecurityData property.  You can use this service in the same way as you do with the service that is generated when you define your own entities.  Here's an example of how it can be used:

    UserRegistration user = this.DataWorkspace.SecurityData.UserRegistrations.AddNew();
    user.UserName = "DOMAIN\\user";
    this.DataWorksapce.SecurityData.SaveChanges();

    Then it's just a matter of writing the code in such a way that it can consume your list of users.  This might be done by creating a screen that has a screen property of type string that is bound on the screen with a textbox.  You could then paste your list of users into the textbox and have a button which would execute your custom code.  That code would parse the text and create users like I show above.

    Wednesday, March 14, 2012 2:00 PM
  • Why don't use SQL Server Management Studio Express (SSMS)? It can export an existing table (with data) to a .SQL Script, then you'll execute that script again. If those users are also from another ASP.net Application (forms auth.), then you need to change only two things in the created script:

    1. Change Use [Your_Old_DB_Name] change this to Use [Your_New_DB_Name] in the first line

    2. Change the ApplicationId in your script to the ApplicationId of your LS app (you can use Find/Replace All in any text editor, even the one in SSMS)

    Like Yann Said : "If you found this post helpful, please "Vote as Helpful". If it actually answered your question, remember to "Mark as Answer". This will help people find the answers that they're looking for more quickly."


    • Proposed as answer by Nadjib Bait Wednesday, March 14, 2012 4:24 PM
    • Edited by Nadjib Bait Wednesday, March 14, 2012 4:28 PM
    Wednesday, March 14, 2012 4:24 PM
  • This worked for me.  I created a blank search screen and used the following code:


    using Microsoft.LightSwitch.Security;

    namespace LightSwitchApplication
    {
        public partial class AdminAddSecurityUsers
        {

            UserRegistration user;

            partial void AddUsers_Execute()
            {
                string[] userlist = Text_UserList.Split(new string[] { "\r" }, StringSplitOptions.None);
                for (int i = 0; i < userlist.Count(); i++)
                {
                    this.ShowMessageBox(userlist[i]);
                    // check to see if the user already exists in the application
                    UserRegistration user = this.DataWorkspace.SecurityData.UserRegistrations_SingleOrDefault(userlist[i]);
                    if (user == null)
                    {
                        user = this.DataWorkspace.SecurityData.UserRegistrations.AddNew();
                        user.UserName = userlist[i];
                        this.DataWorkspace.SecurityData.SaveChanges();
                    }
                    else {
                        this.ShowMessageBox("Error creating \"" + userlist[i] + "\".  The user already exists in the application");
                    }
                    if (Bool_Viewer == true)
                    {
                        var role = this.DataWorkspace.SecurityData.Roles.Where(z => z.Name == "Viewer").FirstOrDefault();
                        var newRA = this.DataWorkspace.SecurityData.RoleAssignments.AddNew();
                        newRA.Role = role;
                        newRA.User = user;
                        try
                        {
                            this.DataWorkspace.SecurityData.SaveChanges();
                        }
                        catch {
                        }
                    }
                    if (Bool_Reviewer == true)
                    {
                        var role = this.DataWorkspace.SecurityData.Roles.Where(z => z.Name == "Reviewer").FirstOrDefault();
                        var newRA = this.DataWorkspace.SecurityData.RoleAssignments.AddNew();
                        newRA.Role = role;
                        newRA.User = user;
                        try
                        {
                            this.DataWorkspace.SecurityData.SaveChanges();
                        }
                        catch{
                        }
                    }
                }
            }

            partial void Bool_Reviewer_Changed()
            {
                if (Bool_Reviewer == null)
                {
                    Bool_Reviewer = false;
                }
            }

            partial void Bool_Viewer_Changed()
            {
                if (Bool_Viewer == null)
                {
                    Bool_Viewer = false;
                }
            }
        }
    }

    NOTE: I also added a couple boolean checkboxes to add them to roles (in my app).  This works great and will also check to see if the user already is in the app.

    Thanks for the right direction!

    Scott

    Wednesday, March 14, 2012 5:23 PM