I'm developing an ASP.NET system that has two different 'tiers' of roles. The main tier will use Active Directory groups to determine membership, while the second tier will use a database. All users will have a tier-1 AD role, but not all users will have a tier-2 database role.

I know I can use the AspNetWindowsTokenRoleProvider to manage the AD roles, and I know I can use the SqlRoleProvider to manage the database roles... what I'd like to do is use both, simultaneously - is this possible?

+4  A: 

I would recommend deriving from WindowsTokenRoleProvider, then overriding GetAllRoles, GetRolesForUser, etc.

Call the base class first, then append the appropriate list of roles from your database.


BTW, as the database key I'd recommend using the account SID (or a hash of it) instead of the DOMAIN\username string, since the username may change (marriage, etc.) and leave orphaned role entries. Happens more often than you expect :-(

devstuff
I'd just started down a similar track myself (but extending SqlRoleProvider instead). I'll see if this works out.
Cocowalla
That works :) Next problem is the rubbish performance of WindowsTokenRoleProvider when a user is in lots of AD groups, but that's an unrelated problem...
Cocowalla
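
The derive-and-merge approach from the answer above, as an added example (not code from the answer's author). The connection string name `AppRoles` and the table `dbo.UserRoles(UserSid, RoleName)` are hypothetical; only `GetRolesForUser` and `IsUserInRole` are overridden because those are the methods the base `WindowsTokenRoleProvider` supports.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data.SqlClient;
using System.Linq;
using System.Security.Principal;
using System.Web.Security;

// Added example: tier-1 roles from the Windows token, tier-2 roles from SQL.
// Hypothetical names: "AppRoles" connection string, dbo.UserRoles(UserSid, RoleName).
public class CombinedRoleProvider : WindowsTokenRoleProvider
{
    public override string[] GetRolesForUser(string username)
    {
        // Tier 1: AD group names (DOMAIN\Group) from the base provider.
        var roles = new HashSet<string>(base.GetRolesForUser(username),
                                        StringComparer.OrdinalIgnoreCase);
        // Tier 2: database roles, keyed by SID rather than by account name.
        roles.UnionWith(GetDatabaseRoles(username));
        return roles.ToArray();
    }

    public override bool IsUserInRole(string username, string roleName)
    {
        return GetRolesForUser(username)
            .Contains(roleName, StringComparer.OrdinalIgnoreCase);
    }

    private static IEnumerable<string> GetDatabaseRoles(string username)
    {
        // Resolve DOMAIN\user to its SID; the SID survives account renames.
        var sid = (SecurityIdentifier)new NTAccount(username)
            .Translate(typeof(SecurityIdentifier));
        var cs = ConfigurationManager.ConnectionStrings["AppRoles"].ConnectionString;
        var result = new List<string>();
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT RoleName FROM dbo.UserRoles WHERE UserSid = @sid", conn))
        {
            // Parameterized query: the SID is never concatenated into the SQL text.
            cmd.Parameters.AddWithValue("@sid", sid.Value);
            conn.Open();
            using (var reader = cmd.ExecuteReader())
                while (reader.Read())
                {
                    // Skip names shaped like DOMAIN\Group so a database row
                    // cannot stand in for an AD group role.
                    var name = reader.GetString(0);
                    if (!name.Contains("\\")) result.Add(name);
                }
        }
        return result;
    }
}
```

The class is registered under `<roleManager>` in web.config like any other custom role provider.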
+2  A: 

Providers are built so as to be "pluggable" - in theory you can drop in whichever one you need and have it just work. They are also documented so that you can extend the existing ones or use your own.

Basically therefore you want your own provider that will allow you to combine the two - to do this you can either, as suggested by @devstuff, inherit from one or other and then merge the results in overridden methods or you can create what is in effect a proxy class (there's probably a proper name for the pattern) that has instances of both the AD and SQL provider and passes the calls through and merges the results that way.

Fundamentally however the answer is to author your own provider combining the two stock providers to meet your specific requirement.

Murph
Personally I prefer the "proxy class", and that can be the "decorator" pattern, I think.
Lex Li
+1 for the proxy merge.
devstuff