About the Sample .NET Web Application


EmpowerID provides a sample .NET Web application, AndysBeans, for your use when evaluating EmpowerID Web Access Management. Andy's Beans is a fictional company that sells coffee online. The application comes with its own database of users, roles and products and is configured with out-of-the-box security to keep users without an appropriate role from:

  • accessing specific URLs, such as the "sso.empowerid.com/andysbeans/employees/MyHr" URL or
  • performing a specific action, such as creating a new employee or adding a product to the store catalog.

Anonymous users can access the site's home page, browse for coffee and add products to their carts. Anonymous users, however, cannot browse to any of the site's employee or admin pages. These pages are restricted to authenticated users with appropriate roles.


AndysBeans is an ASP.NET MVC 4 Web application that is targeted toward environments with version 4 or higher of the .NET framework installed. To run the application, ensure that you have the correct version of the framework installed on the server running the application.

The following image shows the home page of the AndysBeans application.




You may notice in the image that there is no mechanism in place for users to log into Andy's Beans. This is because logins are controlled by EmpowerID. Users attempting to access protected URLs must authenticate to EmpowerID.

Default Roles and Users


AndysBeans uses Forms Authentication to authenticate users and is secured by ASP.NET's Simple Role and Membership Providers. Using these providers, we have created three roles to secure the site. To access any of the protected pages or perform a protected task within the site, log in as a user with one these roles.

Employees: Users in this role can access the employees pages.

Product Manager: Users in this role have administrative access to the Andy's Beans product catalog and can perform the following actions in the application:

  • Edit attributes on any product in the product catalog
  • Add new products to the product catalog
  • Remove any product from the product catalog

Employee Manager: Users in this role have administrative access to any Andy's Beans employee and can perform the following actions in the application:

  • Edit attributes on any employee 
  • Provision new employees
  • Delete employees


New employees have an initial password of "pass@word1" and their usernames are a concatenation of their first and last names separated by a period and appended with "@andybeans.com." So, if you create an employee with the first name "John" and the last name "Doe," the username for that employee is john.doe@andybeans.com and the password is pass@word1.


The table below lists all users and their default membership roles. Each of these membership roles corresponds to one or more of the Andy's Beans Roles. You can add and remove users from either the "Product Manager" or "Employee Manager" role, but to remove a user from the Employee Membership Role, you must delete the user.


As you can see in the table, the Employee Membership Role does not correspond to a single Andy's Beans Role as the Product Manager and Employee Membership Roles do. Regardless of the Andy's Beans Role an employee has, the employee belongs to the Employee Membership Role.


NameMembership RoleAndy's Beans RoleUsernamePassword
Patrick ParkerEmployeeIT Department Managerpatrick.parker@andybeans.compass@word1
George VargheseEmployee, Product ManagerProduct Managergeorge.varghese@andybeans.compass@word1
John AdamsEmployeeDeveloperjohn.adams@andybeans.compass@word1
Barry ChandlerEmployeeDeveloperbarry.chandler@andybeans.compass@word1
Dawn ReedEmployeeAccounting Department Managerdawn.reed@andybeans.compass@word1
Sam JonsonEmployeeAccountantsam.jonson@andybeans.compass@word1
Vince LoPrestiEmployeeAccountantvince.lopresti@andybeans.compass@word1
Maria HansenEmployeeSales Department Managermaria.hansen@andybeans.compass@word1
Fritz DameEmployeeSales Repfritz.dame@andybeans.compass@word1
Rhonda BlackEmployeeCustomer Service Reprhonda.black@andybeans.compass@word1
Chuck MorrisonEmployeeCustomer Service Department Managerchuck.morrison@andybeans.compass@word1
Andy BlackEmployeeCustomer Service Repandy.black@andybeans.compass@word1
Michael HesslerEmployeeProduct Expeditionmichael.hessler@andybeans.compass@word1
Shaun OstingEmployeeProduct Expeditionshaun.osting@andybeans.compass@word1
Michelle EmerichEmployeeProduct Expeditionmichelle.emerich@andybeans.compass@word1
Jack HohmanEmployeeProduct Expeditionjack.hohman@andybeans.compass@word1
Felicia HartmanEmployeeProduct Expeditionfelicia.hartman@andybeans.compass@word1
Charles StripeEmployee, Employee ManagerEmployee Managercharles.stripe@andybeans.compass@word1
Greg RaposaEmployeeFront Deskgreg.raposa@andybeans.compass@word1
Tim JohnsonEmployeeDevelopertim.johnson@andybeans.compass@word1
Tina SmithEmployeeDevelopertina.smith@andybeans.compass@word1
Steven CarmensonEmployeeAccountantsteven.carmenson@andybeans.compass@word1
David PeteEmployeeSales Repdavid.pete@andybeans.compass@word1
Hank HannimanEmployeeCustomer Service Rephank.hanniman@andybeans.compass@word1
Luciana StellmanEmployeeBenefits Repluciana.stellman@andybeans.compass@word1


When users log into the Web application, the app displays links appropriate to their role. For example, users in the Employee role see an Employees link at the top of each page, while users in one of the admin roles will see an Employees link as well as an Admin link. Clicking the Employees link takes users to the Employees home page and clicking the Admin link takes users to one of the Admin home pages. The Admin home page that appears depends on the role of the user. Users in the Product Manager role who click the Admin link are directed to the productmanager pages, while users in the Employee Manager role who click the Admin link are directed to the employeemanager pages. The following two images demonstrate this. In the first image, Charles Stripe has logged into Andy's Beans. Because he is in both an employee and an employee manager, he sees both the Employees link and the Admin link. In the second image, Charles sees the home page for the Employee Manager after clicking on the Admin link.

The image below shows the AndysBeans home page that appears for Charles Stripe. Because he is an employee and has the Employee Manager role, he sees links for the Employees and Admin pages.




The following image shows the EmployeeManager page that appears to users in the Employee Manager role. From this page, he can provision new employees and edit or delete current employees.