I'd like to glue my custom permissioning system into a new ASP.NET MVC app. I've done a fair amount of work writing my own custom AuthorizeAttribute for the app. I've also written my own custom MembershipProvider and RoleProvider implementations. All of this works beautifully, up until I need to check the Roles my user is a part of. I did all this so I could simply do this on my controllers, and I used the default MVC template in VS2010 to retro fit my code as a prototype:
[CustomAuth(Roles='X')]
public ActionResult DoSomething()
My custom system is a bit whacky though. I don't call into a SQL db. It is a simple webservice that provides 3 methods: CheckPassword, GetPermissions, WebLogin. WebLogin simply wraps both CheckPassword and GetPermissions into one call. When using WebLogin from within ValidateUser didn't work I called TestPassword from within MembershipProvider.ValidateUser(userName,password) and when this call was successfull I would get back the UserID, else it would fail and I'd get back a NULL.
The problem is when I call into my implementation of RoleProvider. The abstract class defined GetRolesForUser with a single parameter of userName. My GetPermissions() method needs more than a single userName to work. It is defined like so:
GetPermissions(privateKey,userName)
Clearly, calling this from within the following RoleProvider method isn't going to work. I can't pass privateKey to the method that is supported out of the box.
public override string[] GetRolesForUser(string username)
Is it impossible to get my own custom method called from within my own custom RoleProvider?