Home/ Questions/Q 7744397
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T09:45:27+00:00

This is a MVC 3 project. Just for testing, I have public class MyRoleProvider

  • 0

This is a MVC 3 project. Just for testing, I have

public class MyRoleProvider : RoleProvider
{
    public override string[] GetRolesForUser(string username)
    {
        return new string[] { "0", "1", "2", "4" };
    }

    public override bool IsUserInRole(string username, string roleName)
    {
        bool result = true;
        return result;
    }

I register it in web.config. And then, if I configure the standard SqlMemberShipProvider, something like the following will cause my GetRolesForUser to fire.

[Authorize(Roles="4")]
public class AdminController : Controller
{  //...

However, I don’t want to use the standard SqlMemberShipProvider. I defined by own AuthorizeAttribute as follows, just to test:

public class MyAuthorize : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        bool result = true;
        return result;
        return base.AuthorizeCore(httpContext);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        base.HandleUnauthorizedRequest(filterContext);
    }

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        base.OnAuthorization(filterContext);
    }
}

Now, the following will not cause MyRoleProvider.GetRolesForUser to fire anymore.

[MyAuthorize(Roles="4")]
public class AdminController : Controller
{  //...

The above will trigger MyAuthorize.AuthorizeCore and MyAuthorize.OnAuthorization but not the methods in MyRoleProvider. What is the relationship between the MemberShipProvider, the RoleProvider and the AuthorizedAttribute? When are these relationships defined or configured?

Thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you don’t want to use the standard SqlRoleProvider, don’t configure it. I usually comment it out or delete it.

    Your config will look something like this:

    <roleManager defaultProvider="MyRoleProvider" enabled="true">
  <providers>
    <clear />
    <!--<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
    <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />-->
    <add name="MyRoleProvider" type="Full.Namespace.Of.MyRoleProvider" applicationName="/" />
  </providers>
</roleManager>
    • 0