How do I allow multiple roles to see a page when using a custom RoleProvider in ASP.Net

Question

I have created my own Role Provider because I found the one that ASP.Net provides to be way too bulky in terms of tables in the database. I found implementing a custom RoleProvider to be quite easy.

My only problem is that right now I cannot have multiple roles for a page. I saw somewhere that at the top of your class you need to "anotate it" with some security code. This is what I have

[PrincipalPermission(SecurityAction.Demand, Role="Admin")]

If I try to include multiple roles by using a comma separated list I get errors. If i try to specify multiple role keys then I also get errors. Do i Need to specify multiple PrinicipalPermissions by any chance?

I have very little experience with ASP.Net's role management. Can someone point me in the right direction or at some good literature.

score 75 · Accepted Answer · answered Feb 27 '09 at 15:24

75

you can add the PrinicpalPermission attribute multiple times.

[PrincipalPermission(SecurityAction.Demand, Role="Admin")]
[PrincipalPermission(SecurityAction.Demand, Role="AnotherRole")]

answered Feb 27 '09 at 15:24

Kieron

26,748
16
78
122

53

For anyone wondering, this is for multiple "OR" roles, not "AND". – Ted Apr 07 '09 at 05:44
3

Then can you refer on how to do 'AND'? I find the 'intersect' and 'union' methods quite confusing to read. – Robert Sirre Jul 18 '12 at 15:28

score -2 · Answer 2 · edited Nov 11 '12 at 11:43

-2

[PrincipalPermission(SecurityAction.Demand, Role="Admin,Another RoleName")]

edited Nov 11 '12 at 11:43

Martijn Pieters

1,048,767
296
4,058
3,343

answered Sep 21 '11 at 04:13

JOHN

19
1

How do I allow multiple roles to see a page when using a custom RoleProvider in ASP.Net

2 Answers2