MVC 4 uses some helper classes from WebMatrix to implement Security and Memberhip. You can read a very nice tutorial here:
http://www.asp.net/web-pages/tutorials/security/16-adding-security-and-membership
If you don't have any special requirements, it's usually not worth it to come up with your own implementation of a Role Provider.
Good Luck!
EDIT: A QUICK TUTORIAL
The following is based on a Model class called "UserProfile" with a corresponding table named the same. This table has a column called "UserId" for the id and one called "UserName" for login. Of course it can have all the info you need, but these are the only ones needed by the WebSecurity to initialize the DB.
Step 1: the web.config. Put this in the system.web
section. This instructs ASP.NET to use the two Simple
providers for Role and Membership:
<roleManager enabled="true" defaultProvider="simple">
<providers>
<clear/>
<add name="simple" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData"/>
</providers>
</roleManager>
<membership defaultProvider="simple">
<providers>
<clear/>
<add name="simple" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData"/>
</providers>
</membership>
Step 2: Application_Start. Add the initialization for your DB for roles and membership tables:
protected void Application_Start()
{
try
{
// Initializes the DB, using the "DefaultConnection" connection string from the web.config,
// the "UserProfile" table, the "UserId" as the column for the ID,
// the "UserName" as the column for usernames and will create the tables if they don't exists.
// Check the docs for this. Basically the table you specify
// is a table that already exists and where you already save your user information.
// WebSecurity will simply link this to its own security info.
if (!WebSecurity.Initialized)
WebSecurity.InitializeDatabaseConnection("DefaultConnection", "UserProfile", "UserId", "UserName", autoCreateTables: true);
}
catch (Exception ex)
{
throw new InvalidOperationException("Cannot init ASP.NET Simple Membership database", ex);
}
}
When the InitializeDatabaseConnection
fires for the first time, it will create 4 tables:
webpages_Membership
webpages_OAuthMembership
webpages_Roles
webpages_UsersInRoles
Step 3: You can now use the Authorize attribute:
[Authorize(Roles="Admin")]
Also, you will now have a lot of methods to create and login your users:
WebSecurity.CreateUserAndAccount(model.UserName, model.Password); // to create users. You can also pass extra properties as anonymous objects
WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe); // for logins
WebSecurity.Logout();
WebSecurity.ChangePassword(User.Identity.Name, model.OldPassword, model.NewPassword);
// and so on...
I find this approach to be a lot more flexible (and quicker) than rolling your own implementation.