MVC Authorization Role and IPrincipal - how does it work?

Question

I've managed to successfully implement a custom MembershipProvider for my MVC2 application. I have my own User table as well as Role table.

My problem right now is that when I put in the [Authorize(Roles="blah")] attribute, it doesn't work. I've searched a bit but haven't found a definitive answer I'm looking for, which is -- how does this Role authorization work? My web.config uses the standard AspNet role provider.

My understanding is that I have to have my User.cs class implement the IPrincipal interface, which means, adding the code to check for IsInRole.

My question(s) -- is this correct? How does the framework know to and know how to get my custom User object? My understanding is that the Asp.Net authentication & authorization pieces work with MembershipUser.

Any tips, thoughts, or links would be greatly appreciated, Thx

Answer 1

Is your roles table / code an implementation of a RoleProvider? I believe the IPrincipal works against the default RoleProvider as configured in the web.config.

This forum post talks about what you would need to do in order to implement your own IPrincipal, if need be.

Answer 2

Ok, I think I figured it out, I'm just a little blind.

Since I created my own custom MembershipProvider (with its own custom User table AND Role table), it only stands to reason that I had to implement a custom RoleProvider. So, once I did that, it all makes sense, because the RoleProvider has the IsUserInRole method, i.e.

public override bool IsUserInRole(string username, string roleName)
    {
        IUserRepository userRepository = GetUserRepository();
        User user = userRepository.Retrieve(username);

        // and here, my User class implements IPrincipal
        if (user != null && user.IsInRole(roleName)) 
                return true;
        else
            return false;
    }