How to Implement a Custom RoleProvider?

Question

Hi Guys

I'm trying to implement a custom RoleProvider in my ASP.NET MVC application.

I've created a custom MembershipProvider and it works, in that I'm able to successfully validate the user. The next step is to implement the RoleProvider to restrict access to certian Controllers to Admin users only.

Can anyone provide me with a quick outline of the steps I need to take?

The point that I'm at now is I have my controller with the Authorize filter, like so:

[Authorize(Roles="Admin")]
public class AdminOnlyController : Controller
{ 
    // stuff 
}

and I have my CustomRoleProvider class, with the following method along with a load of not-implemented Methods:

public override string[] GetRolesForUser(string username)
{
    if (username == "dave")
    {
        return new string[] { "Admin" };
    }
}

I think I need to add the user to the Role somehow but I don't know how to do that. Ideally the end result would be a scenario where unauthorized users can't access certain controllers, and I in my Views I could determine whether to show links with something like:

if (User.IsInRole("Admin")) { // show links to Admin Controllers }

Can anyone point me in the right direction?

Thanks

Dave

Answer 1

For the not-implemented methods, be sure to throw a NotImplementedException. This should help you figure out which methods are needed in your custom provider to get the job done.

I suspect you'll have to implement IsUserInRole.

Answer 2

I used this as as base line for a custom role manager: http://davidhayden.com/blog/dave/archive/2007/10/17/CreateCustomRoleProviderASPNETRolePermissionsSecurity.aspx

Should work in MVC or Web Forms.