Getting RolePrincipal to use RoleProvider.IsInRole rather than RoleProvider.GetRolesForUser

Discussion in 'ASP .Net Security' started by Keith Patrick, Aug 8, 2006.

  1. I have a custom security backend that I need to integrate with ASP.Net 2.0.
    The problem I have is that being in a role is not evaluated as simply
    "myRoles.Contains(role)". There's some logic that goes on in a webservice
    such that I really do have to ask the security system the question: "Is the
    user in the role", since the role is in a format that has to be parsed into
    some parameters to get passed elsewhere. GetRolesForUser won't work because
    the security system cannot simply enumerate these roles for string
    comparison. However, RolePrincipal is sealed, so I cannot change its
    behavior. I can fix the sitemap portion (I think) by creating a custom
    sitemap provider that changes implementation of IsAccessibleToUser, but that
    doesn't fix the rest of the controls that wind up calling
    RolePrincipal.GetRolesForUsers.
    Has anyone come up with a way around the string.equals() version of checking
    for a role that asp.net is doing by default?
     
    Keith Patrick, Aug 8, 2006
    #1
    1. Advertisements

  2. RoleManager/RolePrincipal don't have support for what you are trying to do.

    I would suggest to write your own IPrincipal implementation with a customized
    IsInRole method. You can set your Principal on Context.User in the AuthenticateRequest
    event (in an http module or application event handler).
     
    Dominick Baier, Aug 20, 2006
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.