I’m using Forms authentication and I would like to make use of roles, can I somehow set the role of the user without Membership ?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
A simple way to do it is to store the list of roles in the authentication ticket when the user is authenticated. Then for every request (Application_AuthenticateRequest method of the global.asax file) you extract the roles, add them to a GenericPrincipal object and set the Httpcontext.User property.
Your User.IsInRole("role") and [AuthorizeAttribute(Roles="role")] will then work as normal.
See this answer for code detailing how to do it.
Method 2
Do you mean “without using ASP.NET’s standard Membership implementation”?
If so, then yes, you can by implementing your own Membership and/or Roles provider. See here and here for details about how to implement a Membership/Roles provider.
Method 3
Yes you can.
The only caveat is that roles will not work with an anonymous user (fairly obvious I would have thought) and you’ll need some mechanism to set a user’s identity (which can be anything you like).
The MSDN article:
contains the following information:
However, role management does not
depend on membership. As long as you
have a way in your application to set
user identity, you can use role
management for authorization.
Method 4
You don’t need to implement a whole membership provider.
Create your own Principal (which has the IsInRole method) and Identity.
And then make sure your user object (HttpApplication.Context.User) is populated with your principal on each request.
Done. Now the Authorize attribute will be talking to your principal.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0