Is RoleProvider needed to use [Authorize(Roles = "Admin")]?

StackOverflow https://stackoverflow.com/questions/18581720

I would like to use the [Authorize(Roles = "Admin")] attribute on my ASP.net MVC controller actions. Do I need to have a role provider configured (either out of the box or custom) to do this? If I do, and I want to use a custom role provider, which method(s) must be implemented in order to use the AuthorizeAttribute?

Thanks so much.

有帮助吗?

解决方案

Yes, you need Role Provider in order to use [Authorize(Roles = "Admin")]

Take a look at new ASP.NET Universal Providers which uses Entity Framework Code First.

(Note: Old ASP.Net Membership Provider generated by aspnet_regsql.exe uses schema and store procedures. I do not recommend using it.)

If you want to implement Custom Role Provider, minimum you need to override the following method (other methods are optional) - 

public override string[] GetRolesForUser(string username)

Updated for Comment

if I have to use a MembershipProvider or can I get away with just using a RoleProvider to use [Authorize(Roles = "Admin")] on my controller actions

Normally, you want to use MembershipProvider if you want to use RoleProvider. Otherwise, you will need to create IPrincipal object and add the user's authorized roles to the object.

According to this post, you cannot customize [map] with Universal Providers.

The original question is about renaming the membership tables which you cannot do (unless you create Custom Membership Provider and Custom Role Provider). However, you can create relationships between your tables and membership tables. In addition, you can include membership tables in your store procedures.

其他提示

许可以下: CC-BY-SA归因
不隶属于 StackOverflow
scroll top