1

The only place I know of that a RoleProvider gets used is when you use an Authorize attribute. Where else can I use a RoleProvider and does it get invoked anywhere other than places I might specifically reference roles (I'm thinking similar to how the Login controls automatically use MembershipProvider)

Said in another way, if I write my own role management layer, but don't implement the actual RoleProvider contract, what built-in functionality in ASP.NET will I be missing out on?

kenwarner
  • possible duplicate of [ASP.NET MVC - Alternative to Role Provider?](http://stackoverflow.com/questions/4837103/asp-net-mvc-alternative-to-role-provider) – KP. May 30 '11 at 13:58

2 Answers

2

Here are a few ways the built-in RoleProvider adds value:

1: The LoginView control uses roles to allow you to show different content to different roles. It will hook into the RoleProvider to do so.

Example of using roles with the LoginView control:

```aspx
<asp:LoginView id="LoginView1" runat="server">
    <RoleGroups>
        <asp:RoleGroup Roles="author">
            <ContentTemplate>
                some content here based on if user is in 'author' role....
            </ContentTemplate>
        </asp:RoleGroup>
        <asp:RoleGroup Roles="editor">
            <ContentTemplate>
                some content here based on if user is in 'editor' role....
            </ContentTemplate>
        </asp:RoleGroup>
    </RoleGroups>
</asp:LoginView>
```

2: You can grant access to physical paths on the server (i.e. subfolders, etc.) by web.config settings, such as:

```xml
<configuration>
  <location path="MemberPages">
    <system.web>
      <authorization>
        <allow roles="members, administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <!-- other configuration settings here -->
</configuration>
```

3: You can easily detect user roles and take actions in code, such as:

```csharp
if (User.IsInRole("members"))
{
    // do something
}
else
{
    // do something else
}
```

The list goes on and on. This discussion has honestly been had many times - don't reinvent the wheel by creating your own role system. Just implement the abstract role provider and be done with it. Here is a good article on the background of Role Management in ASP.NET.

EDIT: After you clarified you actually want to know how the RoleProvider benefits you under MVC, here is what you are looking for:

ASP.NET MVC - Alternative to Role Provider?

KP.
  • Thanks. Can you point me in the direction of the list goes on and on part? I'm using asp.net mvc so #1 and #2 don't do much for me. I already get #3 in my data model. – kenwarner May 27 '11 at 20:27
  • Couple of things - your wording on the question alludes to using it in ASP.NET (not MVC) even though it's tagged with both, so I'd suggest revising it if you want to know specifically how the role provider helps you with MVC. Secondly, the point is the framework for the provider model is built in. All you need to do is override a few methods. I find it hard to imagine a faster route is through a custom data model or other means. Features aside, development time should be faster through the existing infrastructure. – KP. May 30 '11 at 13:55
  • This question is about ASP.NET in general, whether webforms or mvc (I did btw mention `AuthorizeAttribute` in my OP which is MVC). My particular circumstance concerns MVC and whether I'll even gain any benefit from using a RoleProvider. Your #1-3 were exactly the information I was looking for, not the other SO question you posted. If there aren't any other reasons to reason a RoleProvider other than #1-3, I'll probably end up doing something along the lines of that custom interface in the other question. – kenwarner May 30 '11 at 16:34
0

Straightforward answer to your question would be "No". RoleProvider or any other provider does not participate in main-stream pipeline of ASP.Net and ASP.Net request does not need any RoleProvider to fulfill the request.

Rather than putting the technical material, I'd answer a more philosophical answer and respect the efforts put in by KP in the answer.

RoleProvider is basically a functional add-on to ASP.Net that lets you work against your Role-system without having to know any functional details at run-time. ASP.Net 2.0 introduced a whole new way of dealing with users and roles. Rather than providing integrated user and role management they decided to make it extensible yet easy to use. They created a new pattern called "Provider" and shipped default providers for each functionality, like user, role and session. They are known as MembershipProvider, RoleProvider and SessionProvider. However, Microsoft does not restrict you to use only the providers shipped with ASP.Net 2.0. You can define your own MembershipProvider and declare them in web.config as default provider. The ProviderBase class would force you to implement each method to let your provider work cohesively and when you make them default from web.config, at runtime you need not know the details of any target provider that you may have in the system. The client-code is consistent across any specific provider.

Hope this helps.

this. __curious_geek
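As an added example (not code from either answer or from ASP.NET itself), here is a minimal read-only custom provider of the kind the answers describe, with its web.config registration in the header comment. The namespace, class name and in-memory user data are assumptions made for illustration; once role management is enabled with this provider as the default, `User.IsInRole`, `<allow roles="...">` and `LoginView` role groups resolve roles through it.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Security;

// web.config registration, inside <system.web> (names are placeholders):
//   <roleManager enabled="true" defaultProvider="AppRoleProvider">
//     <providers>
//       <clear />
//       <add name="AppRoleProvider" type="MyApp.Security.AppRoleProvider" />
//     </providers>
//   </roleManager>
namespace MyApp.Security // hypothetical namespace
{
    public class AppRoleProvider : RoleProvider
    {
        // Constructed sample data; a real provider would query the application's role store.
        private static readonly Dictionary<string, string[]> Store =
            new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
            {
                { "alice", new[] { "members", "administrators" } },
                { "bob",   new[] { "members" } }
            };

        public override string ApplicationName { get; set; }

        // Fail closed: an unknown or null user name yields no roles.
        public override string[] GetRolesForUser(string username)
        {
            string[] roles;
            return Store.TryGetValue(username ?? "", out roles) ? roles : new string[0];
        }

        public override bool IsUserInRole(string username, string roleName)
        { return GetRolesForUser(username).Contains(roleName, StringComparer.OrdinalIgnoreCase); }

        public override string[] GetAllRoles()
        { return Store.Values.SelectMany(r => r).Distinct(StringComparer.OrdinalIgnoreCase).ToArray(); }

        public override bool RoleExists(string roleName)
        { return GetAllRoles().Contains(roleName, StringComparer.OrdinalIgnoreCase); }

        public override string[] GetUsersInRole(string roleName)
        { return Store.Keys.Where(u => IsUserInRole(u, roleName)).ToArray(); }

        // Read-only provider: role changes are made in the application's own admin layer.
        public override string[] FindUsersInRole(string roleName, string usernameToMatch) { throw new NotSupportedException(); }
        public override void CreateRole(string roleName) { throw new NotSupportedException(); }
        public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) { throw new NotSupportedException(); }
        public override void AddUsersToRoles(string[] usernames, string[] roleNames) { throw new NotSupportedException(); }
        public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) { throw new NotSupportedException(); }
    }
}
```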