Sitecore - Limit the roles a user has

We have sitecore integrated with our AD. Our users have two levels of access level 2 and everything else that needs elevated permissions.开发者_如何学C The level of access granted to the user is determined by two cookies. One is aspxauto cookie which expires in 30 years (level 2) and the other is to expire at the end of session (everything else aka level4). The level4 cookie has a list of roles the user is in (this list is a subset of the list of roles the user is in within AD).

I need to log in a user and add them to roles based on the cookies that are available.

I have so far created my own ADRoleProvider which overrides the GetRolesForUser method and only returns the roles in the cookies. But this ins't working, when I go directly to a secured page it lets me in (because the user is a memeber of the role in AD - even though the cookies do not exist).

I can't remove all the roles the user is in, in AD then add the user to only the roles specified in the cookie for obvious reasons. Is there a way to trick Sitecore into thinking a user is not in a role?

-Victor

Did you try to override IsUserInRole method? I think it is also used when Sitecore tries to resolve access rights.