Difference between Roles.GetRolesForUser and Roles.Provider.GetRolesForUser?

Question

I am using Windows authentication and don't have a custom membership. However I do have a custom role provider and turned it on. However, what about the < authorization /> element in the web.config? Do I need to do something with that as well?

At the moment I can't get use Roles.GetRolesForUser("") method (returns nothing) but have to do it like Roles.Provider.GetRolesForUser("")?

The biggest problem is with the sitemaps as it doesn't get into the Roles.IsUserInRole method. For the moment I am using a custom xmlsitemapprovider for this but it isn't neat.

I enabled the rolemanager and the set the securitytrimmingenabled to true for the sitemap in the web.config.

Answer 1

Yes, you need to configure your custom Roles provider in web.config - something like this:

<roleManager enabled="true" defaultProvider="SqlRoleManager">
  <providers>
    <add name="SqlRoleManager" 
         type="System.Web.Security.SqlRoleProvider"
         connectionStringName="SqlRoleManagerConnection"
         applicationName="MyApplication" />
  </providers>
</roleManager>

You should also set security trimming to true, too. eg.

<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
    <providers>
      <add name="XmlSiteMapProvider"
        description="Default SiteMap provider."
        type="System.Web.XmlSiteMapProvider "
        siteMapFile="Web.sitemap"
        securityTrimmingEnabled="true" />
    </providers>
  </siteMap>