ASP.NET FormsAuthentication and membership

Question

I can use forms authentication in ASP.NET without membership. i.e:

FormsAuthentication.RedirectFromLoginPage(usuario.UsuDs, false);//usuario.UsuDS is the textbox  username in login's form

Then i can write code like:

     [Authorize(User="UserTest")]
        public ActionResult Criar(Usuarios usuario)
        {
            try
            {
                ...
            }
                ...
}

And it only authorize "UserTest" user in especific views. However,i would like to write:

     [Authorize(Roles="Admin")]
        public ActionResult Criar(Usuarios usuario)
        {
            try
            {
                ...
            }
                ...
}

But i cant set roles without Membership.

Any ideias to set and get roles from ASP.NET without membership?

Answer 1

Sure you can--the Authorize element just interrogates the IPrincipal living in the HttpContext.Current.User property as to which roles it has. Now, if you were to say, stuff your own custom principal, into that object, you could very easily have roles and such.

Answer 2

You can certainly use roles without Membership. In fact, prior to ASP.NET 2.0 we didn't have Membership at all, garsh darnit, and we liked it that way!! ;-)

Here's an article that shows how to implement roles without Membership: Role-Based Authorization With Forms Authentication. In a nutshell, you have to write some code that assigns the roles to the user once they're authenticated.

Happy Programming!