How do I use Role Authorization in ASP.NET 2.0?

From Guidance Share


J.D. Meier, Prashant Bansode, Alex Mackman

Answer

Use the role manager with the built-in providers introduced in ASP.NET 2.0 for role authorization. You can perform role authorization in code by making explicit role checks with role manager APIs such as IsUserInRole. Role manager provides consistent and simple APIs for role authorization and role management. It also supports built-in providers: WindowsTokenRoleProvider, which uses Windows groups as roles; SqlRoleProvider, for roles stored in SQL Server databases; and AuthorizationStoreRoleProvider, for AzMan policy role stores in Active Directory, Active Directory Application Mode (ADAM) or XML files.

To use role authorization

  • Decide on the role provider to be used depending upon the role store.
  • Enable role manager in your Web.config file by setting the enabled attribute to true, as follows:
  <system.web>
     <roleManager enabled="true" />
  </system.web>
  • Add a connection string to the <connectionStrings> section to point to your roles store. If you are using the AuthorizationStoreRoleProvider, this is an LDAP query string pointing to your Authorization Manager Policy store in Active Directory or ADAM. If you are using the SqlRoleProvider, this is a database connection string that points to your role store database.
  • Configure the role provider and make sure the defaultProvider attribute is set correctly to point to the configured role provider. Here is a sample for SqlRoleProvider:
<configuration>
 <connectionStrings>
   <add name="SqlRoleManagerConnection" 
        connectionString="Data Source=sqlinstance;
                         Initial Catalog=aspnetdb;Integrated Security=SSPI;">
   </add>
 </connectionStrings>
 <system.web>
   <!-- roleManager must be a child of system.web -->
   <roleManager enabled="true" defaultProvider="SqlRoleManager">
     <providers>
       <add name="SqlRoleManager" 
            type="System.Web.Security.SqlRoleProvider"
            connectionStringName="SqlRoleManagerConnection"
            applicationName="MyApplication" />
     </providers>
   </roleManager>
 </system.web>
</configuration>
  • Use Role Manager APIs for accessing and validating the role membership for the user. By default it uses the HttpContext.User object for user identity.

bool isInRole = Roles.IsUserInRole("TestRole");

  • You can also perform role authorization by using PrincipalPermission demands.
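The following added example (not part of the original page) shows the explicit IsUserInRole check next to the imperative and declarative forms of a PrincipalPermission demand. The class name ReportsPage and the helper methods are hypothetical; "TestRole" is the role name used above, and the role manager is assumed to be enabled as configured in the previous steps.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Hypothetical code-behind class used only for illustration.
public partial class ReportsPage : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // 1. Explicit check through the role manager API.
        //    Evaluates the current HttpContext.User against the configured provider.
        if (!Request.IsAuthenticated || !Roles.IsUserInRole("TestRole"))
        {
            DenyAccess();
            return;
        }

        try
        {
            // 2. Imperative demand: a null name means "any authenticated user",
            //    so only membership in TestRole is checked.
            new PrincipalPermission(null, "TestRole").Demand();

            // 3. The call below is also guarded by the declarative demand
            //    on the method itself, so it fails closed if called elsewhere.
            WriteReport();
        }
        catch (SecurityException)
        {
            // Demands throw instead of returning false; treat that as a denial.
            DenyAccess();
        }
    }

    // Declarative demand: the runtime checks Thread.CurrentPrincipal before the body runs.
    [PrincipalPermission(SecurityAction.Demand, Role = "TestRole")]
    private void WriteReport()
    {
        Response.Write(HttpUtility.HtmlEncode("Report for " + User.Identity.Name));
    }

    private void DenyAccess()
    {
        Response.StatusCode = 403;          // Forbidden
        Response.SuppressContent = true;    // send no page body
        Context.ApplicationInstance.CompleteRequest();
    }
}
```

IsUserInRole returns a Boolean that the caller must act on, whereas a PrincipalPermission demand throws SecurityException on failure, so a forgotten check on a demanded method denies access rather than granting it.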


More Information

For information on using role manager, see “How To: Use Role Manager in ASP.NET 2.0” at http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000013.asp
