My application needs the ability to be secured at different levels for different teams. For example, someone may be an administrator for one team but may only be a viewer for another.

Ideally I'd like to have a single, small set of roles, but I'd like to assign people to separate roles per team, i.e. "Joe" might be an administrator for TeamA but have Reader access for TeamB.

Will the ASP.NET provider framework support this?

--Matt

Update: My issue is with the "IsInRole" method. It takes a single parameter. Other than hacking it (concatenating two items together, like the team ID and the role name) is there any other way to pull this off?

A: 

Not straight out of the box. You would need to create a custom provider to support this functionality.

Here is an example of creating a custom membership provider: http://www.asp.net/learn/videos/video-189.aspx

clyc
See the comment I added to the main question above, regarding the "IsInRole" method.
Matthew Timbs
Microsoft designed it so that you could create your own role provider as well. Create your own class by first inheriting from the RoleProvider and then provide methods that would take the team id, and then the role name.
clyc
You would basically have to write the SQL that would do the check.
clyc
+1  A: 

As far as I am aware, there are no groups to roles in terms of how the RoleProvider class works, but there's no reason why you couldn't implement a grouping structure in your datasource. The RoleProvider does support different application names, however, so it may be possible to use this to come up with some way of segmenting an application into logical groups that are identified as being different and thus having different roles assigned to them.

EDIT:

In response to your edit, you could have the structure as follows in your database

Group Table           Access Table           Role Table
id | name             id | name              group_id | access_id | name
-----------           ------------           ---------------------------
1    Team A           1    Guest              1          1         Team A Guest
2    Team B           2    User               1          2         Team A User
                      3    Admin              1          3         Team A Admin

and have a mechanism for updating the name field in the Role table when a new row is inserted.

Implementing a custom RoleProvider is very straightforward. You simply need to inherit from RoleProvider and override the methods that you need, writing the logic for where the RoleProvider should get the data from.

Russ Cam
Thanks Russ, that DB structure is similar to the one I was thinking I'd have to use. One problem I'm having though is what the caller will pass to IsInRole. The single parameter (role name) may not work for me. (I've actually oversimplified my question, there's also a hierarchical structure to teams). Anyway, thanks for the input. I think this (or something similar) will be the route I go. --Matt
Matthew Timbs
@Matt - the name that would be passed in would be the name in the RoleTable i.e. if (User.IsInRole("Team A Guest")).
Russ Cam
Thanks again, Russ. That was my thought as well (concatenating the name). I think I can make it work but it feels hacky.
Matthew Timbs
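
A sketch of the custom RoleProvider both answers describe, added here as an example and not code from any of the posters. It assumes .NET Framework with a reference to System.Web; the class name, the `IsUserInTeamRole` method, the in-memory grants and the `"<group_id>:<access name>"` role-string format are all hypothetical. Keying the string on the numeric group id rather than the team's display name keeps the single-parameter check unambiguous if a team is renamed or its name contains the separator.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Security;
// Hypothetical read-only provider; management members are unsupported and throw.
public class TeamRoleProvider : RoleProvider
{
    // Constructed sample grants standing in for a per-user query over the tables.
    private static readonly Dictionary<Tuple<string, int>, string> Grants =
        new Dictionary<Tuple<string, int>, string>
        {
            { Tuple.Create("joe", 1), "Admin" },  // Team A
            { Tuple.Create("joe", 2), "Guest" },  // Team B
        };

    public override string ApplicationName { get; set; }
    // Typed check for callers that already hold a team id; no string building.
    public bool IsUserInTeamRole(string username, int teamId, string access)
    {
        string held;
        return username != null
            && Grants.TryGetValue(Tuple.Create(username.ToLowerInvariant(), teamId), out held)
            && string.Equals(held, access, StringComparison.Ordinal);
    }

    // Single-string form behind User.IsInRole; anything malformed is denied.
    public override bool IsUserInRole(string username, string roleName)
    {
        string[] parts = (roleName ?? "").Split(':');
        int teamId;
        return parts.Length == 2 && int.TryParse(parts[0], out teamId)
            && IsUserInTeamRole(username, teamId, parts[1]);
    }

    public override string[] GetRolesForUser(string username)
    {
        string user = (username ?? "").ToLowerInvariant();
        return Grants.Where(g => g.Key.Item1 == user)
                     .Select(g => g.Key.Item2 + ":" + g.Value).ToArray();
    }

    public override void AddUsersToRoles(string[] users, string[] roles) { throw new NotSupportedException(); }
    public override void RemoveUsersFromRoles(string[] users, string[] roles) { throw new NotSupportedException(); }
    public override void CreateRole(string roleName) { throw new NotSupportedException(); }
    public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) { throw new NotSupportedException(); }
    public override bool RoleExists(string roleName) { throw new NotSupportedException(); }
    public override string[] GetAllRoles() { throw new NotSupportedException(); }
    public override string[] GetUsersInRole(string roleName) { throw new NotSupportedException(); }
    public override string[] FindUsersInRole(string roleName, string usernameToMatch) { throw new NotSupportedException(); }
}
```

With these constructed grants, `IsUserInRole("joe", "1:Admin")` is true, while `IsUserInRole("joe", "2:Admin")` and a malformed name such as `"Admin"` are both false.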