Roles.IsUserInRole maps call to GetRolesForUser... Why?

[Guest]

Hi,

The documentation for RoleProvider.IsUserInRole states:

"The IsUserInRole method is called by the IsUserInRole method of the Roles
class and the IsInRole method of the RolePrincipal class to determine whether
the current logged-on user is associated with a role from the data source for
the configured ApplicationName."

I put breakpoints on every method in my derived custom roleprovider, and
make a call in my webpage to Roles.IsUserInRole. The method GetRolesForUser
is called, while IsUserInRole is not. The runtime seems to take the array of
strings and search the list for the correct role. Why is it doing this extra
work when I created an implimentation to do this myself? Why did I bother to
do this then? When is RoleProvider.IsUserInRole called? Is this a
documentation defect?

-Ben

 

[clintonG]

Why do men have nipples?

<%= Clinton Gallagher

 

[Guest]

Anyone have a helpful answer?

Why do men have nipples?

<%= Clinton Gallagher

 

[clintonG]

Sorry, it sounded to me like you were asking a philosophical question.

<%= Clinton Gallagher

 

[Erik Funkenbusch]

"The IsUserInRole method is called by the IsUserInRole method of the Roles
class and the IsInRole method of the RolePrincipal class to determine whether
the current logged-on user is associated with a role from the data source for
the configured ApplicationName."

The first part is correct, the second part is incorrect. IsUserInRole is
called by the IsUserInRole method of the Roles class when you are looking
up a user who is not the current user.

When calling IsInRole for the current user, the RolePrincipal class calls
GetRolesForUser because it caches all the users roles internally, so it
only has to do this lookup once. It cannot do this if it calls
IsUserInRole.

Why is it doing this extra work when I created an implimentation to do
this myself? Why did I bother to do this then? When is
RoleProvider.IsUserInRole called? Is this a documentation defect?

See above. Looks like a documentation defect. Most likely, the caching
was added late in the product cycle, and the documentation was never
updated.

 

[Steven Cheng[MSFT]]

Hi Ben,

Based on my research , the document does have something inconsistent with
the actual behavior. I think Erik is right. The
RoleProvider.IsUserInRole(username, password) is used for checking roles
for a given user which is not the current loggon user(for current logon
user, it also use the Principal.IsInRole instead). And for RolePrincipal,
it always use the GetRolesForUser to cache the roles and do the role
checking among the cached role list.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Guest]

Hi Steve,

I want to thank both you and Eric for helping me to confirm my suspicion. Is
there a formal channel that I need to follow to officially report this defect?

-Ben

 

[Steven Cheng[MSFT]]

Thanks for your followup Ben,

Sure, you can submit this detect or any other comments about the document
issue in the MSDN product feedback center:

http://lab.msdn.microsoft.com/productfeedback/default.aspx

your feedback will be really appreciated!

Regards,

Steven Cheng
Microsoft Online Community Support


==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may

learn and benefit from your issue.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.