Roles.IsUserInRole maps call to GetRolesForUser... Why?

Discussion in 'ASP .Net' started by =?Utf-8?B?QmVuIFIu?=, Mar 20, 2006.

  1. Hi,

    The documentation for RoleProvider.IsUserInRole states:

    "The IsUserInRole method is called by the IsUserInRole method of the Roles
    class and the IsInRole method of the RolePrincipal class to determine whether
    the current logged-on user is associated with a role from the data source for
    the configured ApplicationName."

    I put breakpoints on every method in my derived custom roleprovider, and
    make a call in my webpage to Roles.IsUserInRole. The method GetRolesForUser
    is called, while IsUserInRole is not. The runtime seems to take the array of
    strings and search the list for the correct role. Why is it doing this extra
    work when I created an implimentation to do this myself? Why did I bother to
    do this then? When is RoleProvider.IsUserInRole called? Is this a
    documentation defect?

    -Ben
     
    =?Utf-8?B?QmVuIFIu?=, Mar 20, 2006
    #1
    1. Advertising

  2. =?Utf-8?B?QmVuIFIu?=

    clintonG Guest

    Why do men have nipples?

    <%= Clinton Gallagher

    "Ben R." <> wrote in message
    news:...
    > Hi,
    >
    > The documentation for RoleProvider.IsUserInRole states:
    >
    > "The IsUserInRole method is called by the IsUserInRole method of the Roles
    > class and the IsInRole method of the RolePrincipal class to determine
    > whether
    > the current logged-on user is associated with a role from the data source
    > for
    > the configured ApplicationName."
    >
    > I put breakpoints on every method in my derived custom roleprovider, and
    > make a call in my webpage to Roles.IsUserInRole. The method
    > GetRolesForUser
    > is called, while IsUserInRole is not. The runtime seems to take the array
    > of
    > strings and search the list for the correct role. Why is it doing this
    > extra
    > work when I created an implimentation to do this myself? Why did I bother
    > to
    > do this then? When is RoleProvider.IsUserInRole called? Is this a
    > documentation defect?
    >
    > -Ben
     
    clintonG, Mar 20, 2006
    #2
    1. Advertising

  3. Anyone have a helpful answer?

    "clintonG" wrote:

    > Why do men have nipples?
    >
    > <%= Clinton Gallagher
    >
    > "Ben R." <> wrote in message
    > news:...
    > > Hi,
    > >
    > > The documentation for RoleProvider.IsUserInRole states:
    > >
    > > "The IsUserInRole method is called by the IsUserInRole method of the Roles
    > > class and the IsInRole method of the RolePrincipal class to determine
    > > whether
    > > the current logged-on user is associated with a role from the data source
    > > for
    > > the configured ApplicationName."
    > >
    > > I put breakpoints on every method in my derived custom roleprovider, and
    > > make a call in my webpage to Roles.IsUserInRole. The method
    > > GetRolesForUser
    > > is called, while IsUserInRole is not. The runtime seems to take the array
    > > of
    > > strings and search the list for the correct role. Why is it doing this
    > > extra
    > > work when I created an implimentation to do this myself? Why did I bother
    > > to
    > > do this then? When is RoleProvider.IsUserInRole called? Is this a
    > > documentation defect?
    > >
    > > -Ben

    >
    >
    >
     
    =?Utf-8?B?QmVuIFIu?=, Mar 20, 2006
    #3
  4. =?Utf-8?B?QmVuIFIu?=

    clintonG Guest

    Sorry, it sounded to me like you were asking a philosophical question.

    <%= Clinton Gallagher

    "Ben R." <> wrote in message
    news:...
    > Anyone have a helpful answer?
    >
    > "clintonG" wrote:
    >
    >> Why do men have nipples?
    >>
    >> <%= Clinton Gallagher
    >>
    >> "Ben R." <> wrote in message
    >> news:...
    >> > Hi,
    >> >
    >> > The documentation for RoleProvider.IsUserInRole states:
    >> >
    >> > "The IsUserInRole method is called by the IsUserInRole method of the
    >> > Roles
    >> > class and the IsInRole method of the RolePrincipal class to determine
    >> > whether
    >> > the current logged-on user is associated with a role from the data
    >> > source
    >> > for
    >> > the configured ApplicationName."
    >> >
    >> > I put breakpoints on every method in my derived custom roleprovider,
    >> > and
    >> > make a call in my webpage to Roles.IsUserInRole. The method
    >> > GetRolesForUser
    >> > is called, while IsUserInRole is not. The runtime seems to take the
    >> > array
    >> > of
    >> > strings and search the list for the correct role. Why is it doing this
    >> > extra
    >> > work when I created an implimentation to do this myself? Why did I
    >> > bother
    >> > to
    >> > do this then? When is RoleProvider.IsUserInRole called? Is this a
    >> > documentation defect?
    >> >
    >> > -Ben

    >>
    >>
    >>
     
    clintonG, Mar 20, 2006
    #4
  5. On Mon, 20 Mar 2006 06:50:19 -0800, Ben R. wrote:

    > "The IsUserInRole method is called by the IsUserInRole method of the Roles
    > class and the IsInRole method of the RolePrincipal class to determine whether
    > the current logged-on user is associated with a role from the data source for
    > the configured ApplicationName."


    The first part is correct, the second part is incorrect. IsUserInRole is
    called by the IsUserInRole method of the Roles class when you are looking
    up a user who is not the current user.

    When calling IsInRole for the current user, the RolePrincipal class calls
    GetRolesForUser because it caches all the users roles internally, so it
    only has to do this lookup once. It cannot do this if it calls
    IsUserInRole.

    > Why is it doing this extra work when I created an implimentation to do
    > this myself? Why did I bother to do this then? When is
    > RoleProvider.IsUserInRole called? Is this a documentation defect?


    See above. Looks like a documentation defect. Most likely, the caching
    was added late in the product cycle, and the documentation was never
    updated.
     
    Erik Funkenbusch, Mar 20, 2006
    #5
  6. Hi Ben,

    Based on my research , the document does have something inconsistent with
    the actual behavior. I think Erik is right. The
    RoleProvider.IsUserInRole(username, password) is used for checking roles
    for a given user which is not the current loggon user(for current logon
    user, it also use the Principal.IsInRole instead). And for RolePrincipal,
    it always use the GetRolesForUser to cache the roles and do the role
    checking among the cached role list.

    Regards,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    Steven Cheng[MSFT], Mar 21, 2006
    #6
  7. Hi Steve,

    I want to thank both you and Eric for helping me to confirm my suspicion. Is
    there a formal channel that I need to follow to officially report this defect?

    -Ben

    "Steven Cheng[MSFT]" wrote:

    > Hi Ben,
    >
    > Based on my research , the document does have something inconsistent with
    > the actual behavior. I think Erik is right. The
    > RoleProvider.IsUserInRole(username, password) is used for checking roles
    > for a given user which is not the current loggon user(for current logon
    > user, it also use the Principal.IsInRole instead). And for RolePrincipal,
    > it always use the GetRolesForUser to cache the roles and do the role
    > checking among the cached role list.
    >
    > Regards,
    >
    > Steven Cheng
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
    >
     
    =?Utf-8?B?QmVuIFIu?=, Mar 23, 2006
    #7
  8. Thanks for your followup Ben,

    Sure, you can submit this detect or any other comments about the document
    issue in the MSDN product feedback center:

    http://lab.msdn.microsoft.com/productfeedback/default.aspx

    your feedback will be really appreciated!

    Regards,

    Steven Cheng
    Microsoft Online Community Support


    ==================================================

    When responding to posts, please "Reply to Group" via your newsreader so
    that others may

    learn and benefit from your issue.

    ==================================================


    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Steven Cheng[MSFT], Mar 24, 2006
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. VB Programmer

    Wierd results with Roles.IsUserInRole

    VB Programmer, Jan 15, 2006, in forum: ASP .Net
    Replies:
    3
    Views:
    2,878
    =?Utf-8?B?Sm9l?=
    Jan 15, 2006
  2. Mr. SweatyFinger
    Replies:
    2
    Views:
    2,230
    Smokey Grindel
    Dec 2, 2006
  3. mazdotnet

    Bind to Roles.GetRolesForUser

    mazdotnet, Sep 13, 2007, in forum: ASP .Net
    Replies:
    1
    Views:
    1,869
    Alexey Smirnov
    Sep 13, 2007
  4. Lyndon Hills

    Roles.IsUserInRole != Context.User.IsInRole

    Lyndon Hills, Oct 20, 2006, in forum: ASP .Net Security
    Replies:
    7
    Views:
    1,057
    Joe Kaplan
    Oct 31, 2006
  5. Codifier

    AzMAN/ADAM-Roles.IsUserInRole() issues

    Codifier, Jan 19, 2010, in forum: ASP .Net Security
    Replies:
    1
    Views:
    1,026
    Codifier
    Jan 19, 2010
Loading...

Share This Page