Assign Roles and Permissions

I find SS supports Roles and Permissions, and I know IUserAuthRepository has a method AssignRoles. But I do not know how to give permissions to roles, or do they not have a relation?

Could you give me an example to show how to use roles and permissions? I know to add attributes to the DTO like this: [RequiredRole("Admin")], but I am not sure how to assign roles and add permissions to one user.

I find AssignRoles also assigns permissions, so permissions and roles do not have a relationship; they are just two aspects of authentication.

public static void AssignRoles(this IAuthRepository UserAuthRepo, IUserAuth userAuth, ICollection<string> roles = null, ICollection<string> permissions = null)
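An added sketch (not part of the thread or of ServiceStack's own code) of the extension method above granting a role and a permission independently, then enforcing each with its own attribute. The DTOs, the role and permission names, the user names and the `SeedAccounts` helper are hypothetical; passwords are supplied by the caller.

```csharp
using System.Collections.Generic;
using ServiceStack;
using ServiceStack.Auth;

// Hypothetical request DTOs. Each attribute is checked on its own:
// holding the role does not grant the permission, and vice versa.
[RequiredRole("Manager")]
public class ListOrders : IReturn<List<string>> { }

[RequiredPermission("CanRefund")]
public class RefundOrder : IReturn<string>
{
    public int OrderId { get; set; }
}

public class OrderServices : Service
{
    public object Any(ListOrders request) => new List<string> { "order-1" };
    public object Any(RefundOrder request) => $"refunded {request.OrderId}";
}

// Hypothetical helper: call once at startup with the registered repository.
public static class SeedAccounts
{
    public static void Seed(IUserAuthRepository repo, string managerPassword, string clerkPassword)
    {
        // This account gets both the role and the permission.
        var manager = GetOrCreate(repo, "manager1", managerPassword);
        repo.AssignRoles(manager, roles: new[] { "Manager" }, permissions: new[] { "CanRefund" });

        // Least privilege: permission only, no role. RefundOrder is allowed,
        // ListOrders is rejected because the "Manager" role is missing.
        var clerk = GetOrCreate(repo, "clerk1", clerkPassword);
        repo.AssignRoles(clerk, permissions: new[] { "CanRefund" });
    }

    static IUserAuth GetOrCreate(IUserAuthRepository repo, string userName, string password) =>
        repo.GetUserAuthByUserName(userName)
        ?? repo.CreateUserAuth(new UserAuth { UserName = userName }, password);
}
```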

If you're searching for a way to see how to use them, there's an SS test where you are able to see this better:

I found WebSudoFeature in the test; what's that? I cannot find documentation for that.

It's just a class name in an example; it can be whatever you want.

I would download the source code and go through it… the test is actually a good way to start, but you can find all sorts of goodness in the code.

Thank you, WebSudoFeature may be just an example of deriving from IPlugin and IAuthEvents

public class WebSudoFeature : IPlugin, IAuthEvents
{
    public void Register(IAppHost appHost)
    {
        var authFeature = appHost.GetPlugin<AuthFeature>();
    }

    // Add implementations of all `IAuthEvents` handlers
    public void OnCreated(IRequest httpReq, IAuthSession session) { ... }
}


Here's info on Web Sudo from the Release Notes:

Web Sudo

A common UX in some websites is to add an extra layer of protection for super protected functionality by getting users to re-confirm their password verifying it’s still them using the website, common in places like confirming a financial transaction.

WebSudo (by @tvjames) is a new feature similar in spirit requiring users to re-authenticate when accessing Services annotated with the [WebSudoRequired] attribute. To make use of WebSudo, first register the plugin:

Plugins.Add(new WebSudoFeature());

You can then apply WebSudo behavior to existing services by annotating them with [WebSudoRequired]:

[WebSudoRequired]
public class RequiresWebSudoService : Service
{
    public object Any(RequiresWebSudo request) { return request; }
}

Once enabled this will throw a 402 Web Sudo Required HTTP Error the first time the service is called:

var requiresWebSudo = new RequiresWebSudo { Name = "test" };
try
{
    client.Send<RequiresWebSudoResponse>(requiresWebSudo); //throws
}
catch (WebServiceException)
{
    client.Send(authRequest); //re-authenticate
    var response = client.Send(requiresWebSudo); //success!
}

Re-authenticating afterwards will allow access to the WebSudo service.

cool, get your point