Assigning roles to a smart card authenticated user

[Pdub]

When accessing our web sites, users must enter their smart card, type in a
PIN, and then a third party site authenticates and sets a server variable if
they are valid. My apps take this value
(request.ServerVariables("HTTP_OURUSERS")) and then compares it to values in
my database. Based on this I set the role of the user. In classic asp apps
this was pretty straight forward; I would set a session value containing the
role and then each page had an include that checked to see if a user had
permission to access this page.

I would like to take advantage of the role manager in asp.net but I am very
confused as to the best way to go about it. In the one asp.net I have done, I
had 2 roles and used the master page to allow or deny access to each page. My
new app has 4 roles and a lot more pages. Any advice on the best direction is
greatly appreciated.

 

[Joe Kaplan]

Probably the right way to do this would be to implement your own custom role
provider class that reads this header value and does the database lookup to
retrieve the roles. This should integrated nicely with both the role
manager framework and your custom authentication system that you have in
place. You just derive a class from the RoleProvider base class.

The important methods to implement are IsUserInRole and GetRolesForUser,
although you have to override several others as well. Most of the other
ones you can probably leave with empty method bodies to start with.

Joe K.