I'm using AzMan (1.0) for an ASP.NET web app, and I have a question about nested roles.

Say I have the following roles: MyApp, MyAppUser, MyAppAdmin, MyAppSupport.

For the most part, all users (MyApp) can access the app, but some functions will be specific to the other roles.

I want to declaratively restrict access to the web pages to members of the MyApp role.

[PrincipalPermission(SecurityAction.Demand, Role = "MyApp")]

I will check User.IsInRole or use the AzMan API to check for operation permissions within my code.

The users are assigned to the lower level roles (user, admin, support) and those roles are added to the MyApp role.

The problem is that when I check if the user is a member of the MyApp role, they aren't, even though the role they are in belongs to the MyApp role. Is the only way to check this to recursively go through all the roles? That'd mean I can't use the declarative security, or to do so I'd have to add all users to the top-level group as well (not ideal).
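
The following is an added example, not part of the original post and not AzMan's own API: since `PrincipalPermission` calls `IsInRole` on `Thread.CurrentPrincipal`, a wrapper principal that resolves nesting inside `IsInRole` keeps the declarative demand usable. `NestedRolePrincipal` and the role map are hypothetical names and constructed sample data; in practice the map would be loaded from the authorization store.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Hypothetical wrapper: IsInRole also succeeds for a role that contains
// (directly or transitively) a role the user is assigned to.
public sealed class NestedRolePrincipal : IPrincipal
{
    private readonly IPrincipal inner;
    // parent role -> roles nested directly inside it (load from a trusted store)
    private readonly IDictionary<string, string[]> members;

    public NestedRolePrincipal(IPrincipal inner, IDictionary<string, string[]> members)
    {
        this.inner = inner;
        this.members = members;
    }

    public IIdentity Identity { get { return inner.Identity; } }

    public bool IsInRole(string role)
    {
        var seen = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        var queue = new Queue<string>();
        queue.Enqueue(role);
        while (queue.Count > 0)
        {
            string current = queue.Dequeue();
            if (!seen.Add(current)) continue;          // guard against cyclic nesting
            if (inner.IsInRole(current)) return true;  // direct assignment found
            string[] nested;
            if (members.TryGetValue(current, out nested))
                foreach (string child in nested) queue.Enqueue(child);
        }
        return false;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data mirroring the roles in the question.
        var map = new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase);
        map["MyApp"] = new[] { "MyAppUser", "MyAppAdmin", "MyAppSupport" };
        var user = new GenericPrincipal(new GenericIdentity("alice"), new[] { "MyAppAdmin" });
        Thread.CurrentPrincipal = new NestedRolePrincipal(user, map);
        new PrincipalPermission(null, "MyApp").Demand();  // passes via nesting
        Console.WriteLine(Thread.CurrentPrincipal.IsInRole("MyAppSupport")); // False
    }
}
```

In an ASP.NET application the wrapper would be assigned to both `HttpContext.Current.User` and `Thread.CurrentPrincipal` once authentication has completed, so that page-level demands and `User.IsInRole` see the same answer.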