Defining Roles, Groups?

[AMP]

Hi,
I want to use the default SqlMembershipProvider and SqlRolesProvider for an
ASP.NET app. and I want to avoid writing Custom Providers if I can.
The problem I have is how to define the roles in the first place!
We have some standard User roles: Viewer, Author and Editor. But we have
various clients and some users need to have a different role according to
client ie. User Bob will have a Viewer role for Client A data BUT an Author
role for Client B data.

Obviously, I don't want to create a role for every combination eg.
ClientAViewer, ClientBViewer, ClientCViewer, ClientAAuthor etc. etc.
and we dont want to force users to have a different username for each client.

But if I want to use the default SqlRolesProvider, I don't see what else I
can do.
Or am I just approaching this in the wrong way?

Thanks,
Adam

 

[Dominick Baier]

The roles system was not designed for multi client applications -. you will
get something much better suited for your scenario by simply writing your
own roles management...

 

[ronscottlangham]

The roles system was not designed for multi client applications -. you will
get something much better suited for your scenario by simply writing your
own roles management...

I have similar issue, would CardSpace be something of use here?
Basically, use CardSpace to integrate with Active Directory
authentication, and then attach your own custom properties to the user
that specifies their roles for each of the clients. I don't suppose
you would be using the IsInRole method, but instead I suppose the user
would have to provide some method of specifying which client they are
working for and then the web app/service could inspect the properties
for that user and for that client to get the permissions.

Ron

 

[ronscottlangham]

The roles system was not designed for multi client applications -. you will
get something much better suited for your scenario by simply writing your
own roles management...

After some more research, curious if the Profile Provider may be a
better solution. Seems that CardSpace may be overkill for this, plus
may not do what really wanted.. Not sure if my scenario is like
Adam's, but basically I am using Windows Authentication. I also need
to store different access levels for different users, and the access
levels for a user may be change depending upon his current role in the
application. So, really I may need to define my own data storage for
these users and just check their permissions explicitly using custom
code. Was trying to avoid writing a user management database,
especially one that has to keep in sync with the user's Active
Directory entry. Profiles seem to maybe take care of this for you.

Dominick, any thoughts on this?

I suppose would still have to write custom user management software to
get the values into the profiles.

Ron

 

[AMP]

Right.
BTW, I REALLY like the way you can do this:
RolePrincipal p = (RolePrincipal)HttpContext.Current.User;
if(p.IsInRole("Viewer"))
etc....

and I want to keep this the same if possible.
I think what I need to do is write a custom RoleManagerModule to hook into
the PostAuthenticateRequest event and then go from there.
Am I on the right track?

Adam

 

[AMP]

I thought I may have to.
As I understand it, I would need to create a custom RolePrincipal and a
custom RoleManagerModule so I can add any extra code when the
PostAuthenticateRequest event fires.

Am I on the right track here?