Other Role Providers


Besides the SqlRoleProvider, there is also an AuthorizationStoreRoleProvider which uses Authorization Manager (AzMan)[16] as the backing store for roles. Unless you're already using AzMan elsewhere, this isn't going to buy you much if you're using SqlMembershipProvider, as it only uses a small subset of the features of the AzMan product. The biggest benefit in this case is the fact that roles can be nested, unlike SqlRoleProvider. For example, say you have a role called Administrators, and you'd like anyone in that role to be treated as though they are a member of all other roles. Using AzMan you could make the Administrators role a member of all those other roles. This nesting feature simplifies role management when you have a lot of roles, but it isn't really necessary for simpler applications with only a few roles.

[16] AzMan is beyond the scope of this chapter, but if you want to learn more about it, see http://pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsAuthorizationManager.html, or search for "WhatIsAuthorizationManager."

AuthorizationStoreRoleProvider really shines when you use it coupled with Windows' integrated authentication, where groups are normally used directly as roles via WindowsPrincipal. One of the troublesome things I've found with WindowsPrincipal is that you can easily be lured into hardcoding group names into your code. User.IsInRole("MyDomain\Managers") isn't going to work well if you deploy your application in a different domain or in a nondomain environment. By using the AuthorizationStoreRoleProvider, you'll now be using RolePrincipal, which relies on AzMan roles instead of Windows groups, and all the details of which groups are being used can be isolated into your AzMan policy (which can be stored in a directory service or a simple XML file). Now you can simply write User.IsInRole("Managers") and defer to your AzMan policy to determine which users and groups the Managers role should map onto.
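The web.config below is an added example, not taken from the book, showing Windows integrated authentication combined with AuthorizationStoreRoleProvider so that authorization rules and User.IsInRole("Managers") refer to an AzMan role rather than a domain group. The provider name AzManRoles, the connection string name AzManPolicyStore, the store path ~/App_Data/AzManStore.xml, the application name MyApp and the ManagersOnly folder are assumptions chosen for illustration.

```xml
<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <!-- Assumed location: an XML policy store kept under App_Data, which
         ASP.NET does not serve to clients. A directory-based store would
         use an msldap:// connection string instead. -->
    <add name="AzManPolicyStore"
         connectionString="msxml://~/App_Data/AzManStore.xml" />
  </connectionStrings>

  <system.web>
    <!-- Users are still authenticated by Windows (via IIS). -->
    <authentication mode="Windows" />

    <!-- Enabling the role manager makes User a RolePrincipal, so role
         checks go to the provider below instead of Windows groups. -->
    <roleManager enabled="true" defaultProvider="AzManRoles">
      <providers>
        <clear />
        <!-- applicationName must match an application defined in the
             AzMan policy store ("MyApp" is an assumed name). -->
        <add name="AzManRoles"
             type="System.Web.Security.AuthorizationStoreRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="AzManPolicyStore"
             applicationName="MyApp" />
      </providers>
    </roleManager>
  </system.web>

  <!-- The rule names the AzMan role only. Which domain users and groups
       are members of "Managers" is decided in the policy store, so this
       file does not change when the application moves to another domain. -->
  <location path="ManagersOnly">
    <system.web>
      <authorization>
        <allow roles="Managers" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

The worker process identity needs read access to the policy store file; write access is needed only if roles are managed through the Roles API rather than the AzMan console.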

And finally, there's the WindowsTokenRoleProvider, which allows you to use the ASP.NET role manager infrastructure directly with Windows' integrated authentication without AzMan in the picture. I haven't come up with a compelling reason to use this class, but perhaps you might find a corner case where it's really useful. Keep in mind that unlike the other two providers, this one is read-only; you cannot use it to add or remove Windows groups, or to change their membership lists.




Essential ASP.NET 2.0
ISBN: 0321237706
EAN: 2147483647
Year: 2006
Pages: 104
