I would like to use the [Authorize(Roles = "Admin")] attribute on my ASP.net MVC controller actions. Do I need to have a role provider configured (either out of the box or custom) to do this? If I do, and I want to use a custom role provider, which method(s) must be implemented in order to use the AuthorizeAttribute?
Thanks so much.
On
Yes you need to have membership/role provider configured to use Authorize(Roles = "Admin"). When you create asp.net mvc project it automatically configured for u. If you use the tool aspnet_regsql.exe it will create membership database. Following link may help
http://www.asp.net/mvc/tutorials/mvc-music-store/mvc-music-store-part-7
To implement custom role provider is bit difficult and lot of coding involve. Please see the following link
http://bojanskr.blogspot.com.au/2011/12/custom-membership-provider.html http://bojanskr.blogspot.com.au/2011/12/custom-role-provider.html http://bojanskr.blogspot.com.au/2011/12/syntaxhighlighter.html http://msdn.microsoft.com/en-us/library/6tc47t75.aspx
Yes, you need Role Provider in order to use
[Authorize(Roles = "Admin")]Take a look at new ASP.NET Universal Providers which uses Entity Framework Code First.
(Note: Old ASP.Net Membership Provider generated by aspnet_regsql.exe uses schema and store procedures. I do not recommend using it.)
If you want to implement Custom Role Provider, minimum you need to override the following method (other methods are optional) -
Updated for Comment
Normally, you want to use MembershipProvider if you want to use RoleProvider. Otherwise, you will need to create IPrincipal object and add the user's authorized roles to the object.
The original question is about renaming the membership tables which you cannot do (unless you create Custom Membership Provider and Custom Role Provider). However, you can create relationships between your tables and membership tables. In addition, you can include membership tables in your store procedures.