How do I implement a custom role provider which supports sub roles?

Question

Are there any good guides on how to implement a custom role provider which has support for parent and child roles?

I have a requirement to have high level Role permissions as per the usual Role provider functionality. However, I also have a requirement to further breakdown permissions into sub roles. I toyed with the idea of having further role instances for sub permissions but I'd prefer to have a native solution which allows for sub roles.

For instance:

[IT]

[IT] > [Admin]

[Extranet]

[Extranet] > [Admin]

In this scenario, the "Admin" role is actually 2 distinct roles, one for IT and one for Extranet scenarios. Ideally, there is no association between the 2 "Admin" roles because they are unique sub roles.

[Edit]: Following Igor's comment I feel I should clarify. The aspnetdb is already hosting multiple applications and therefore the use of the Application Name is not possible to segregate the sub roles as it is already being used to seperate the roles by application.

Answer 1

Hello,

1) Use aggregation of permissions, why do you have to use inheritance? Just assign user to IT and Admin roles and their permissions will be concatenated.

2) Separate Admin(1) and Admin(2) by using Application Name. If I understood you it will be 2 different applications (otherwise rename one Admin to other name)

Luck.

Answer 2

(Should probably tag this with asp.net)

I am unaware of any native (MS) solutions that support Role within Role solutions. If you do not need to provide a role within a role, and you can alway create roles like "IT", "IT_Admin", "Extranet", and "Extranet_Admin".