15.4. Running with a Limited Set of Roles

Typically, most of the users on a website are associated with a set of roles that make sense for their given purpose on the site. A limited number of website users, though, may have super privileges or the ability to act as an administrator on the site. Sometimes, it is desirable for this type of user to be able to limit the roles that he or she is a part of while performing the normal daily routine on a site. For example, a business user may also have administrative privileges on a site. During the normal workday, though, he or she really does not need to have these privileges available and would rather perform most of the work as a normal user.

Because RolePrincipal depends on a provider for its role information, you can swap in a custom provider that supports the concept of a limited subset of roles being active at any given time for a specific user. As an example, you can create a derived version of SqlRoleProvider that is aware of role restrictions stored in the database. For convenience, I chose to store the set of role restrictions in the Comments property associated with a MembershipUser. You could certainly choose to store this type of role restriction in a different location, but because Membership is already available and has a convenient storage location for this type of information, the sample provider makes use of it. Because a RolePrincipal works exclusively with information returned from GetRolesForUser, the custom provider ...
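
A sketch of such a provider follows. It is an added example, not the book's sample code. The class name `RestrictedSqlRoleProvider` and the semicolon-delimited format are assumptions, and the restriction list is read from the `MembershipUser.Comment` property.

```csharp
using System;
using System.Linq;
using System.Web.Security;

// Hypothetical provider name; illustrative only.
public class RestrictedSqlRoleProvider : SqlRoleProvider
{
    // Assumed storage format: MembershipUser.Comment holds a semicolon-delimited
    // list of the roles the user wants active, e.g. "Editors;Reports".
    // A missing or blank comment means no restriction is in effect.
    private static string[] GetActiveRoleFilter(string username)
    {
        // userIsOnline: false, so a role check does not touch LastActivityDate.
        MembershipUser user = Membership.GetUser(username, false);
        if (user == null || string.IsNullOrEmpty(user.Comment) ||
            user.Comment.Trim().Length == 0)
            return null;

        // A non-blank comment with no usable entries yields an empty filter,
        // which leaves the user with no active roles (fails closed).
        return user.Comment
            .Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(r => r.Trim())
            .Where(r => r.Length > 0)
            .ToArray();
    }

    public override string[] GetRolesForUser(string username)
    {
        string[] assigned = base.GetRolesForUser(username);
        string[] filter = GetActiveRoleFilter(username);
        if (filter == null)
            return assigned;

        // Intersect so the stored restriction can only narrow the assigned
        // roles; a role named in the comment but not assigned is never granted.
        return assigned
            .Where(a => filter.Contains(a, StringComparer.OrdinalIgnoreCase))
            .ToArray();
    }

    public override bool IsUserInRole(string username, string roleName)
    {
        // Route through the filtered list so direct provider calls
        // (Roles.IsUserInRole) agree with what RolePrincipal sees.
        return GetRolesForUser(username)
            .Contains(roleName, StringComparer.OrdinalIgnoreCase);
    }
}
```

If `cacheRolesInCookie` is enabled, RolePrincipal serves roles from the cookie rather than calling the provider, so a changed restriction is not seen until the cached role list is cleared or expires.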
