How to Authorize Imperatively If You Use Role Provider

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

If you are using a role provider, you can perform imperative checks by calling Roles.IsUserInRole. If you are using the AspNetWindowsTokenRoleProvider, you can use imperative authorization against Windows roles. Imperative security is useful when the resource to be accessed or the action to be performed is not known until run time, or when you need finer-grained access control than the level of a code method.

Use the Roles.IsUserInRole method to imperatively authorize the client against Windows groups or against roles, which can be SQL or custom roles. The role can be held in a variable and changed dynamically if needed, as shown below:
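  // Requires: using System.Web; using System.Web.Security;
  // The required role is held in a variable so it can be changed at run time.
  string RequiredGroup = "Administrators";
  try
  {
    // Pass the variable itself, not the string literal "RequiredGroup".
    if (!Roles.IsUserInRole(User.Identity.Name, RequiredGroup))
    {
      // Deny: tell the user and hide the protected control.
      Msg.Text = "You are not authorized to view user roles.";
      UsersListBox.Visible = false;
      return;
    }
  }
  catch (HttpException)
  {
    // Membership cannot be checked, so do not grant access.
    Msg.Text = "There is no current logged on user. Role membership cannot be verified.";
    return;
  }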
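
The following is an added example, not code from the original guidance. It shows a case where the required role is not known until run time: the role is looked up from the requested action, and access is denied when the user is not authenticated, the action has no mapping, or the role provider fails. The class name ActionAuthorizer, the action names, and the "Managers" role are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration.Provider;
using System.Web;
using System.Web.Security;

public static class ActionAuthorizer
{
    // Hypothetical action-to-role map; an application could load this
    // from configuration or a database instead of hard-coding it.
    private static readonly Dictionary<string, string> RequiredRoleByAction =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "ViewUserRoles", "Administrators" },
            { "ViewReports",   "Managers" }
        };

    // Returns true only when the current user is authenticated, the action
    // has a mapped role, and the role provider confirms membership.
    public static bool IsAuthorized(HttpContext context, string action)
    {
        if (context == null || context.User == null ||
            !context.User.Identity.IsAuthenticated)
        {
            return false; // no logged-on user: membership cannot be verified
        }

        string requiredRole;
        if (action == null ||
            !RequiredRoleByAction.TryGetValue(action, out requiredRole))
        {
            return false; // unknown action: deny by default
        }

        try
        {
            return Roles.IsUserInRole(context.User.Identity.Name, requiredRole);
        }
        catch (ProviderException)
        {
            // Role management disabled or the provider rejected the call:
            // fail closed rather than granting access.
            return false;
        }
    }
}
```

A page can call ActionAuthorizer.IsAuthorized(HttpContext.Current, "ViewUserRoles") before binding protected data, and hide the control when it returns false.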

Last edited Jun 13, 2008 at 7:10 PM by prashantbansode, version 1
