3

I need to get to know how SiteMapProvider.IsAccessibleToUser() works.

Built-in XmlSiteMapProvider calls HttpContext.User.IsInRole() which uses System.Security.Principal.GenericPrincipal in case of forms authentication.

Where does the current user get its roles? Which provider loads this kind of information? I want to overload it and use custom logic.

Michael Petrotta
abatishchev

2 Answers

3

You do this by implementing a RoleProvider. Check out these links:

http://msdn.microsoft.com/en-us/library/8fw7xh74.aspx

http://www.codeproject.com/KB/aspnet/WSSecurityProvider.aspx

eidylon
  • 1
    To be more precise, `public override bool IsUserInRole(string userName, string roleName) { }` – abatishchev May 24 '10 at 18:10
  • 1
    Yes. As an aside, two extension methods I like to make to extend the base-class of User (System.Security.Principal.IPrincipal) are "IsInAnyRole(string[])" and "IsInAllRoles(string[])" to check if a user is in ALL the roles or ANY of the roles in the passed in array. These can be useful for complex role logic. Implementation as your own exercise. – eidylon May 24 '10 at 18:16
2

To use custom logic, you can create your own forms authentication cookie with roles and read it back in Global.asax.

See these:

`private void SetAuthenticationCookie(int employeeID, List<string> roles)`

`protected void Application_AuthenticateRequest(Object sender, EventArgs e)`

http://weblogs.asp.net/rajbk/archive/2010/04/01/securing-an-asp-net-mvc-2-application.aspx

abatishchev
Raj Kaimal