How does IPrincipal get its roles?
I need to get to know how SiteMapProvider.IsAccessibleToUser() works. The built-in XmlSiteMapProvider calls HttpContext.User.IsInRole(), which uses System.Security.Principal.GenericPrincipal in the case of forms authentication.
Where does the current user get its roles? Which provider loads this kind of information? I want to overload it and use custom logic.
You do this by implementing a RoleProvider. Check out these links:
http://msdn.microsoft.com/en-us/library/8fw7xh74.aspx
http://www.codeproject.com/KB/aspnet/WSSecurityProvider.aspx
To use custom logic, you can create your own forms authentication cookie with roles and read it back in Global.asax.
See these:
private void SetAuthenticationCookie(int employeeID, List<string> roles)
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
http://weblogs.asp.net/rajbk/archive/2010/04/01/securing-an-asp-net-mvc-2-application.aspx