How do I manually set a user's role in ASP.NET MVC?

Implementing a role provider is not particularly hard -- especially if you are only implementing the role checking, not the role management. Just implement those portions that you need and have the rest throw NotImplementedExceptions. If you only have one application you need not be too concerned about that portion either.

Note that the portions that you need will be dictated by how the framework uses it, not how you would use it. I think for example you will need to implement the bit that returns all the user's roles even if you only want to check if they are in a specific role That said, you could omit the whole RoleProvider and do the whole thing in the Session. In this case you'd implement your own AuthorizeAttribute and replace it's authentication and role-checking bits with your own.

Store the user's role in the session once authenticated and check it there using your attribute and the parameters supplied to the attribute for the method/class you've decorated it with.

Implementing a role provider is not particularly hard -- especially if you are only implementing the role checking, not the role management. Just implement those portions that you need and have the rest throw NotImplementedExceptions. If you only have one application you need not be too concerned about that portion either.

Note that the portions that you need will be dictated by how the framework uses it, not how you would use it. I think for example you will need to implement the bit that returns all the user's roles even if you only want to check if they are in a specific role. That said, you could omit the whole RoleProvider and do the whole thing in the Session.In this case you'd implement your own AuthorizeAttribute and replace it's authentication and role-checking bits with your own.

Store the user's role in the session once authenticated and check it there using your attribute and the parameters supplied to the attribute for the method/class you've decorated it with.

The custom AuthorizeAttribute makes the most sense to me (a . NET MVC noob from PHP-land). Thanks for the help!

– Colin O'Dell Aug 19 '09 at 3:08.

If you are using the membership & roles built into asp. Net then look at the AddUserToRole and RemoveUserFromRole: msdn.microsoft.com/en-us/library/system.... Based on how they login you can add and remove them as needed. I couldn't tell from your post if you aren't using the role provider or if you were saying you didn't want to create your own role provider.

If you aren't using the built in role provider then you will have to use whatever coding mechanism you have in place to switch the user at login based on how / where they login from. EDIT: Now that you have shown your code and have stated you are not using the asp. Net roles engine.

You are using the forms auth cookie it appears so override the authenticateRequest of the global. Asax file and set the roles up as needed and create your ticket. Here's a sample in: csharpdotnetfreak.blogspot.com/2009/02/f... The sample only "gets" the roles but you can add/change the roles here.

I think @tvanfosson's solution would work best for what I need. Thanks for the help though! I appreciate it.

– Colin O'Dell Aug 19 '09 at 3:10.

I believe this article (although from 2003) clearly describes the process of assigning roles to a user, and replacing the principal on every request (similar to what NerdDinner does): Authorizing Users with Role-Based Security: msdn.microsoft.com/en-us/library/aa28984....

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.