Working with Roles in ASP.NET 2.0
September 16, 2006 Leave a comment
First, you have to set up the database. You can use the web config tool in Visual Studio if you want to use SQL Express or Access. Otherwise, set up a database in SQL Server with the aspnet_regsql command.
Second, you have to create the role provider information. If you use access or sql express, simply set up using the ASP.NET web configuration tool. If you want to use SQL Server, you have to set the connection string up correctly in the <connectionString> section of web.config matching the name of the role provider (bolded/highlghted below):
<roleManager defaultProvider="RoleManagerProvider" enabled="true" cacheRolesInCookie="true" cookieName=".ASPROLES" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All">
<add name="RoleManagerProvider" type="System.Web.Security.SqlRoleProvider"
You can then use the tool and attach to add roles. Or, if you like pain, use SQL instead.
Third, create the web.sitemap file with the pages. I do not have a sample of this, but add a sitemap with solution explorer and you will have the basics.
Now, create the web.config file for the the directory in question. You will have to deny roles on particular pages, if you allow at directory level. The sample below allows a variety of roles, but then has specific people on a specific page. NOTE: In the sample below, I do not technically have to add aministrator and manager to the <location> tag, as they are allowed. It is just more explicit this way.
<allow roles="administrator, manager, employee" />
<allow roles="administrator, manager"/>
<deny roles="employee" />