About the Sample .NET Web Application

EmpowerID provides a sample .NET Web application, AndysBeans, for your use when evaluating EmpowerID Web Access Management. Andy's Beans is a fictional company that sells coffee online. The application comes with its own database of users, roles and products and is configured with out-of-the-box security to keep users without an appropriate role from:

  • accessing specific URLs, such as the "sso.empowerid.com/andysbeans/employees/MyHr" URL or

  • performing a specific action, such as creating a new employee or adding a product to the store catalog.

Anonymous users can access the site's home page, browse for coffee and add products to their carts. Anonymous users, however, cannot browse to any of the site's employee or admin pages. These pages are restricted to authenticated users with appropriate roles.

AndysBeans is an ASP.NET MVC 4 Web application that is targeted toward environments with version 4 or higher of the .NET framework installed. To run the application, ensure that you have the correct version of the framework installed on the server running the application.

The following image shows the home page of the AndysBeans application.

You may notice in the image that there is no mechanism in place for users to log into Andy's Beans. This is because logins are controlled by EmpowerID. Users attempting to access protected URLs must authenticate to EmpowerID.

Default Roles and Users

AndysBeans uses Forms Authentication to authenticate users and is secured by ASP.NET's Simple Role and Membership Providers. Using these providers, we have created three roles to secure the site. To access any of the protected pages or perform a protected task within the site, log in as a user with one of these roles.

Employees: Users in this role can access the employees pages.

Product Manager: Users in this role have administrative access to the Andy's Beans product catalog and can perform the following actions in the application:

  • Edit attributes on any product in the product catalog

  • Add new products to the product catalog

  • Remove any product from the product catalog

Employee Manager: Users in this role have administrative access to any Andy's Beans employee and can perform the following actions in the application:

  • Edit attributes on any employee 

  • Provision new employees

  • Delete employees

New employees have an initial password of "pass@word1" and their usernames are a concatenation of their first and last names separated by a period and appended with "@andybeans.com." So, if you create an employee with the first name "John" and the last name "Doe," the username for that employee is john.doe@andybeans.com and the password is pass@word1.

The table below lists all users and their default membership roles. Each of these membership roles corresponds to one or more of the Andy's Beans Roles. You can add and remove users from either the "Product Manager" or "Employee Manager" role, but to remove a user from the Employee Membership Role, you must delete the user.

As you can see in the table, the Employee Membership Role does not correspond to a single Andy's Beans Role as the Product Manager and Employee Manager Membership Roles do. Regardless of the Andy's Beans Role an employee has, the employee belongs to the Employee Membership Role.

 

| Name | Membership Role | Andy's Beans Role | Username | Password |
|---|---|---|---|---|
| Patrick Parker | Employee | IT Department Manager | patrick.parker@andybeans.com | pass@word1 |
| George Varghese | Employee, Product Manager | Product Manager | george.varghese@andybeans.com | pass@word1 |
| John Adams | Employee | Developer | john.adams@andybeans.com | pass@word1 |
| Barry Chandler | Employee | Developer | barry.chandler@andybeans.com | pass@word1 |
| Dawn Reed | Employee | Accounting Department Manager | dawn.reed@andybeans.com | pass@word1 |
| Sam Jonson | Employee | Accountant | sam.jonson@andybeans.com | pass@word1 |
| Vince LoPresti | Employee | Accountant | vince.lopresti@andybeans.com | pass@word1 |
| Maria Hansen | Employee | Sales Department Manager | maria.hansen@andybeans.com | pass@word1 |
| Fritz Dame | Employee | Sales Rep | fritz.dame@andybeans.com | pass@word1 |
| Rhonda Black | Employee | Customer Service Rep | rhonda.black@andybeans.com | pass@word1 |
| Chuck Morrison | Employee | Customer Service Department Manager | chuck.morrison@andybeans.com | pass@word1 |
| Andy Black | Employee | Customer Service Rep | andy.black@andybeans.com | pass@word1 |
| Michael Hessler | Employee | Product Expedition | michael.hessler@andybeans.com | pass@word1 |
| Shaun Osting | Employee | Product Expedition | shaun.osting@andybeans.com | pass@word1 |
| Michelle Emerich | Employee | Product Expedition | michelle.emerich@andybeans.com | pass@word1 |
| Jack Hohman | Employee | Product Expedition | jack.hohman@andybeans.com | pass@word1 |
| Felicia Hartman | Employee | Product Expedition | felicia.hartman@andybeans.com | pass@word1 |
| Charles Stripe | Employee, Employee Manager | Employee Manager | charles.stripe@andybeans.com | pass@word1 |
| Greg Raposa | Employee | Front Desk | greg.raposa@andybeans.com | pass@word1 |
| Tim Johnson | Employee | Developer | tim.johnson@andybeans.com | pass@word1 |
| Tina Smith | Employee | Developer | tina.smith@andybeans.com | pass@word1 |
| Steven Carmenson | Employee | Accountant | steven.carmenson@andybeans.com | pass@word1 |
| David Pete | Employee | Sales Rep | david.pete@andybeans.com | pass@word1 |
| Hank Hanniman | Employee | Customer Service Rep | hank.hanniman@andybeans.com | pass@word1 |
| Luciana Stellman | Employee | Benefits Rep | luciana.stellman@andybeans.com | pass@word1 |

When users log into the Web application, the app displays links appropriate to their role. For example, users in the Employee role see an Employees link at the top of each page, while users in one of the admin roles see an Employees link as well as an Admin link. Clicking the Employees link takes users to the Employees home page and clicking the Admin link takes users to one of the Admin home pages. The Admin home page that appears depends on the role of the user. Users in the Product Manager role who click the Admin link are directed to the productmanager pages, while users in the Employee Manager role who click the Admin link are directed to the employeemanager pages.

The following two images demonstrate this. In the first image, Charles Stripe has logged into Andy's Beans. Because he is both an employee and an employee manager, he sees both the Employees link and the Admin link. In the second image, Charles sees the home page for the Employee Manager after clicking on the Admin link.

The image below shows the AndysBeans home page that appears for Charles Stripe. Because he is an employee and has the Employee Manager role, he sees links for the Employees and Admin pages.

 

The following image shows the EmployeeManager page that appears to users in the Employee Manager role. From this page, these users can provision new employees and edit or delete current employees.
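
One way the role rules described on this page could be expressed in ASP.NET MVC 4, shown as an added example that is not the AndysBeans source code. The controller names, the role-name strings and the NavLinks helper are assumptions made for illustration; the role-specific links are presentation only, while the [Authorize] attributes are what reject a request from a user without the role.

```csharp
using System.Security.Principal;
using System.Web.Mvc;

// Role names as listed on this page; the exact strings held by the
// role provider are an assumption.
public static class AppRoles
{
    public const string Employee = "Employees";
    public const string ProductManager = "Product Manager";
    public const string EmployeeManager = "Employee Manager";
}

public class FilterConfig
{
    // Deny by default: every action requires an authenticated user
    // unless it opts out with [AllowAnonymous].
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new AuthorizeAttribute());
    }
}

[AllowAnonymous] // storefront: browsing and the cart stay public
public class HomeController : Controller
{
    public ActionResult Index() { return View(); }
}

[Authorize(Roles = AppRoles.Employee)] // covers every /employees/* URL
public class EmployeesController : Controller
{
    public ActionResult MyHr() { return View(); }
}

[Authorize(Roles = AppRoles.EmployeeManager)] // hypothetical admin controller
public class EmployeeManagerController : Controller
{
    public ActionResult Index() { return View(); }
}

public static class NavLinks // hypothetical helper for the layout view
{
    // Picks the Admin landing controller for the signed-in user.
    public static string AdminController(IPrincipal user)
    {
        if (user.IsInRole(AppRoles.ProductManager)) return "ProductManager";
        if (user.IsInRole(AppRoles.EmployeeManager)) return "EmployeeManager";
        return null; // no Admin link for this user
    }
}
```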