How to add roles to user using Forms Authentication in ASP.NET 2.0

[Jules]

When creating this website I user a custom authentication method to
validate the usercredentials (I think the membership provider is an
overkill since I only use the authentication part).

When I have a authenticated user I use
FormsAuthentication.RedirectFromLoginPage to authenticate the user in
the ASP.NET context. However, I'd like to add roles to this
GenericPricipal.

Therefore I tried
FormsAuthenticationTicket ticket = new
FormsAuthenticationTicket(myUser.Name, false, 30);
FormsIdentity userIdentity = new FormsIdentity(ticket);
GenericPrincipal userPricipal = new GenericPrincipal(userIdentity,
(string[])myUser.Rights.ToArray(System.Type.GetType("System.String")));
HttpContext.Current.User = userPricipal;

Two problems;
1) When I navigate to a different aspx page within my application I
lose this context and I'm not logged in anymore.
2) When I call FormsAuthentication.RedirectFromLoginPage again, I lose
the context also, but ASP.NET creates new one based on the username.
But now I don't have the user-roles anymore.

So:
How can I add roles to my authenticated user in ASP.NET 2.0 when using
FormsAuthentication?

 

[Erik Funkenbusch]

When creating this website I user a custom authentication method to
validate the usercredentials (I think the membership provider is an
overkill since I only use the authentication part).

Well, ok.

When I have a authenticated user I use
FormsAuthentication.RedirectFromLoginPage to authenticate the user in
the ASP.NET context. However, I'd like to add roles to this
GenericPricipal.

So, in other words, you're not just using authentication. you're also
using roles.

So:
How can I add roles to my authenticated user in ASP.NET 2.0 when using
FormsAuthentication?

Use the RoleProvider. I'm sure you'll also think that's overkill as well.
Honestly, Membership and Rols are pretty well debugged and work very well.
Why you feel the need to reinvent the wheel when using them is so brain
dead simple is beyond me.

 

[Jules]

Erik,

Thank you for your reply. And after some more investigation, I am
taking back my statement about role/membership provider being a
overkill. Since I'm very new to this Provider-thing, my vision about
this was not clear.

Anyway, the solution is actually very easy when using the
RoleProvider-model. I just created my own RoleProvider, and only
implemented the following method.

public override string[] GetRolesForUser(string username)
{
string[] rolesForUser = <LOGIC THAT FETCHES USER ROLES>
return rolesForUser;
}

After registering this to the web.config, it worked like a charm. No I
can easily use the XmlSiteMap provider to customize my menu, by just
setting "roles=".

It even gets better. When implementing this solution[1], I can manage
the role-rights in my application in one place: web.sitemap. When using
this, I don't have to duplicate the roles in de web.config.

Kind regards,

Jules

[1] http://www.codeproject.com/aspnet/aspnet2security.asp