About the Sample .NET Web Application
EmpowerID provides a sample .NET Web application, AndysBeans, for your use when evaluating EmpowerID Web Access Management. Andy's Beans is a fictional company that sells coffee online. The application comes with its own database of users, roles and products and is configured with out-of-the-box security to keep users without an appropriate role from:
- accessing specific URLs, such as the "sso.empowerid.com/andysbeans/employees/MyHr" URL or
- performing a specific action, such as creating a new employee or adding a product to the store catalog.
Anonymous users can access the site's home page, browse for coffee and add products to their carts. Anonymous users, however, cannot browse to any of the site's employee or admin pages. These pages are restricted to authenticated users with appropriate roles.
The following image shows the home page of the AndysBeans application.
You may notice in the image that there is no mechanism in place for users to log into Andy's Beans. This is because logins are controlled by EmpowerID. Users attempting to access protected URLs must authenticate to EmpowerID.
Default Roles and Users
AndysBeans uses Forms Authentication to authenticate users and is secured by ASP.NET's Simple Role and Membership Providers. Using these providers, we have created three roles to secure the site. To access any of the protected pages or perform a protected task within the site, log in as a user with one these roles.
Employees: Users in this role can access the employees pages.
Product Manager: Users in this role have administrative access to the Andy's Beans product catalog and can perform the following actions in the application:
- Edit attributes on any product in the product catalog
- Add new products to the product catalog
- Remove any product from the product catalog
Employee Manager: Users in this role have administrative access to any Andy's Beans employee and can perform the following actions in the application:
- Edit attributes on any employee
- Provision new employees
- Delete employees
As you can see in the table, the Employee Membership Role does not correspond to a single Andy's Beans Role as the Product Manager and Employee Membership Roles do. Regardless of the Andy's Beans Role an employee has, the employee belongs to the Employee Membership Role.
Name | Membership Role | Andy's Beans Role | Username | Password |
---|---|---|---|---|
Patrick Parker | Employee | IT Department Manager | patrick.parker@andybeans.com | pass@word1 |
George Varghese | Employee, Product Manager | Product Manager | george.varghese@andybeans.com | pass@word1 |
John Adams | Employee | Developer | john.adams@andybeans.com | pass@word1 |
Barry Chandler | Employee | Developer | barry.chandler@andybeans.com | pass@word1 |
Dawn Reed | Employee | Accounting Department Manager | dawn.reed@andybeans.com | pass@word1 |
Sam Jonson | Employee | Accountant | sam.jonson@andybeans.com | pass@word1 |
Vince LoPresti | Employee | Accountant | vince.lopresti@andybeans.com | pass@word1 |
Maria Hansen | Employee | Sales Department Manager | maria.hansen@andybeans.com | pass@word1 |
Fritz Dame | Employee | Sales Rep | fritz.dame@andybeans.com | pass@word1 |
Rhonda Black | Employee | Customer Service Rep | rhonda.black@andybeans.com | pass@word1 |
Chuck Morrison | Employee | Customer Service Department Manager | chuck.morrison@andybeans.com | pass@word1 |
Andy Black | Employee | Customer Service Rep | andy.black@andybeans.com | pass@word1 |
Michael Hessler | Employee | Product Expedition | michael.hessler@andybeans.com | pass@word1 |
Shaun Osting | Employee | Product Expedition | shaun.osting@andybeans.com | pass@word1 |
Michelle Emerich | Employee | Product Expedition | michelle.emerich@andybeans.com | pass@word1 |
Jack Hohman | Employee | Product Expedition | jack.hohman@andybeans.com | pass@word1 |
Felicia Hartman | Employee | Product Expedition | felicia.hartman@andybeans.com | pass@word1 |
Charles Stripe | Employee, Employee Manager | Employee Manager | charles.stripe@andybeans.com | pass@word1 |
Greg Raposa | Employee | Front Desk | greg.raposa@andybeans.com | pass@word1 |
Tim Johnson | Employee | Developer | tim.johnson@andybeans.com | pass@word1 |
Tina Smith | Employee | Developer | tina.smith@andybeans.com | pass@word1 |
Steven Carmenson | Employee | Accountant | steven.carmenson@andybeans.com | pass@word1 |
David Pete | Employee | Sales Rep | david.pete@andybeans.com | pass@word1 |
Hank Hanniman | Employee | Customer Service Rep | hank.hanniman@andybeans.com | pass@word1 |
Luciana Stellman | Employee | Benefits Rep | luciana.stellman@andybeans.com | pass@word1 |
When users log into the Web application, the app displays links appropriate to their role. For example, users in the Employee role see an Employees link at the top of each page, while users in one of the admin roles will see an Employees link as well as an Admin link. Clicking the Employees link takes users to the Employees home page and clicking the Admin link takes users to one of the Admin home pages. The Admin home page that appears depends on the role of the user. Users in the Product Manager role who click the Admin link are directed to the productmanager pages, while users in the Employee Manager role who click the Admin link are directed to the employeemanager pages. The following two images demonstrate this. In the first image, Charles Stripe has logged into Andy's Beans. Because he is in both an employee and an employee manager, he sees both the Employees link and the Admin link. In the second image, Charles sees the home page for the Employee Manager after clicking on the Admin link.
The image below shows the AndysBeans home page that appears for Charles Stripe. Because he is an employee and has the Employee Manager role, he sees links for the Employees and Admin pages.
The following image shows the EmployeeManager page that appears to users in the Employee Manager role. From this page, he can provision new employees and edit or delete current employees.