0

We currently have an application we use to setting up user roles. We have a project in that solution that we use as a reference in several of our other web applications. This project contains a Custom Role Provider that is used by these other web applications. We access this Custom Role Provider in each of our other web applications by adding the following to our web.config:

<roleManager enabled="true" defaultProvider="CustomRoleProvider" cacheRolesInCookie="false">
  <providers>
    <clear />
    <add name="CustomRoleProvider" type="EmployeeManager.RoleProvider.CustomRoleProvider" requiresQuestionAndAnswer="false" />
  </providers>
</roleManager>

What we would like to do is the expose this Custom Role Provider through a Web Service and have each of our web apps retrieve the role information that way. Can this be accomplished through modifications to the above web.config settings?

Scott B.
  • 1
  • 2
  • What `web.config` settings? They're not showing. – J0e3gan Aug 27 '15 at 19:24
  • It should be appearing now @J0e3gan. – Scott B. Aug 27 '15 at 19:37
  • Role Provider is nothing to do with Web Service. You will need to expose web service by yourself via WCF or Web API. – Win Aug 27 '15 at 21:11
  • I am not sure you understood my question @Win. We would like to expose a Custom Role Provider via a Web Service. That shouldn't be overly difficult to do. However, modifying our applications to consume that Custom Role Provider is where we are running into a road block. That is why I was asking if there was anything we could change in the web.config block I posted above that would allow it to access a web service rather than an internal reference to our application. – Scott B. Aug 27 '15 at 21:45

2 Answers2

0

I don't believe so. The reason is that you would need to add a service reference and modify some code to create a client to the service.

I have created a proof-of-concept custom role provider via service recently, so I've thought of the same thing.

Here is another thing to consider now: Security. Now that you have your role provider functionality as a service, you probably want to verify your clients. There are many options, but if you are interested in creating a WCF service and all of the clients are on the domain, using the NetTCPBinding is an option.

To summarize: I don't believe there is any way a service can perform like a custom role provider library. What you CAN do is provider a service that interacts with clients like a service which offers the functionality of a role provider.

AnotherDeveloper
  • 1,242
  • 1
  • 15
  • 36
  • All of the web apps that would need to consume this web service would be on our own domain. We would configure the Custom Role Provider to only expose a handful of fields. More than anything will just be a collection of roles for which the user is a member. Nothing sensitive would be exposed so, and since this would all be internal to our network, security would be rather low on our list of priorities. We do have some ideas how to get around what we are trying to accomplish but we want to exhaust all possibilities before we attempt these less desirable workarounds. – Scott B. Aug 27 '15 at 21:51
0

What you can do is create a custom role provider for your application, and handle the access to the external web service in this custom role provider.

Hernan Guzman
  • 1,235
  • 8
  • 14
  • I think you misunderstood my question Hernan. I want the Custom Role Provider to reside in the Web Service and allow my applications to consume this Web Service and obtain the Custom Role Provider that way. This way I don't have to code a Custom Role Provider in each of my apps. – Scott B. Aug 28 '15 at 19:50