Maybe I'm using the wrong terms, but I've been Googling for two days and just can't find anything on this: grouping roles/permissions. Or maybe I don't quite understand membership in the ASP.Net model.

Currently I have a homegrown authentication system in a PHP site, with users, permissions, and roles. Each role (such as "User" or "Technician") is made up of individual permissions (such as "Add New User" or "Close Ticket"). The site is MVC-based, so when the controller action is called, it looks for a basic permission. If not found, it displays an unauthorized page. When it searches for permissions, it looks inside the role groups. However, a user can be a part of the "User" role and have additional permissions without being part of another role.

How would that translate over to MVC2?

The website has database tables for the user, user_to_permissions, user_to_roles, permissions, roles, and roles_to_permissions. I think the relationships are pretty self-explanatory. I think I'll need to maintain my own database tables for the users, so I'll have custom forms to add/update their info, and obviously a custom login routine.

Can this even work?

A: 

RoleProvider "roles" are really just permissions. You can roll them up and present them however you like in your UI (see, for example, AzMan and AuthorizationStoreRoleProvider), but that's up to you. They're not really hierarchical.

Craig Stuntz
So any grouping would be custom and an extension of RoleProvider? I can't find any good, clear tutorials on the membership system at all as it relates to storing user information in a database, either, so once I find one of those I think this all might click better.
Nathan Loding
Yes, roles are like checkboxes on a user, *as far as the generic RoleProvider is concerned* -- either they're checked (you have the role) or not (you don't). That's it.
Craig Stuntz
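
The flattening discussed in the answer and comments above, as an added example that is not part of the original thread or any poster's code: a read-only custom RoleProvider that reports the union of a user's role-group permissions and direct permissions as ASP.NET "roles". The class name, the "Open Ticket" permission and the in-memory dictionaries (stand-ins for the question's tables) are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Security;

// Added example: read-only provider that reports *permissions* as ASP.NET "roles".
// The dictionaries are constructed sample data standing in for the user_to_roles,
// roles_to_permissions and user_to_permissions tables; a real provider queries those.
public class PermissionRoleProvider : RoleProvider
{
    static readonly Dictionary<string, string[]> UserToRoles = new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
    { { "alice", new[] { "User" } }, { "bob", new[] { "User", "Technician" } } };
    static readonly Dictionary<string, string[]> RolesToPermissions = new Dictionary<string, string[]>
    { { "User", new[] { "Open Ticket" } }, { "Technician", new[] { "Close Ticket" } } };
    static readonly Dictionary<string, string[]> UserToPermissions = new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
    { { "alice", new[] { "Add New User" } } };  // extra grant outside any role group

    public override string ApplicationName { get; set; }

    // Flatten: permissions from every role group plus the user's direct grants.
    // An unknown user gets an empty array, so every permission check is denied.
    public override string[] GetRolesForUser(string username)
    {
        string[] groups, direct;
        if (!UserToRoles.TryGetValue(username, out groups)) groups = new string[0];
        if (!UserToPermissions.TryGetValue(username, out direct)) direct = new string[0];
        return groups.Where(g => RolesToPermissions.ContainsKey(g))
                     .SelectMany(g => RolesToPermissions[g])
                     .Concat(direct).Distinct().ToArray();
    }

    public override bool IsUserInRole(string username, string roleName)
    { return GetRolesForUser(username).Contains(roleName); }

    public override string[] GetAllRoles()
    { return RolesToPermissions.Values.Concat(UserToPermissions.Values).SelectMany(p => p).Distinct().ToArray(); }
    public override bool RoleExists(string roleName) { return GetAllRoles().Contains(roleName); }

    public override string[] GetUsersInRole(string roleName)
    { return UserToRoles.Keys.Concat(UserToPermissions.Keys).Distinct().Where(u => IsUserInRole(u, roleName)).ToArray(); }

    public override string[] FindUsersInRole(string roleName, string usernameToMatch)
    { return GetUsersInRole(roleName).Where(u => u.IndexOf(usernameToMatch, StringComparison.OrdinalIgnoreCase) >= 0).ToArray(); }

    // Assumption: role and permission edits go through the site's own admin forms, not this provider.
    public override void CreateRole(string roleName) { throw new NotSupportedException(); }
    public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) { throw new NotSupportedException(); }
    public override void AddUsersToRoles(string[] usernames, string[] roleNames) { throw new NotSupportedException(); }
    public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) { throw new NotSupportedException(); }
}
```

With this sample data, "alice" resolves to "Open Ticket" and "Add New User" without being a Technician. Once the provider is registered under `roleManager` in web.config, a controller action can require a single permission with `[Authorize(Roles = "Close Ticket")]`.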