There are two primary reasons that might make you look at creating a custom role provider.
* You need to store role information in a data source that is not supported by the role providers included with the .NET Framework, such as a teradata database, an Oracle database etc...
* You need to manage role information using a database schema that is different from the database schema used by the providers that ship with the .NET Framework. E,g May be your company uses a custom schema for role authorization..
So how difficult is it to write your own custom role provider in ASP.NET ??
Believe me its as easier as drinking a glass of water :)....A Custom RoleProvider inherits from the abstract base class RoleProvider and has a number of optional methods and properties that can be overrriden.
1. Add a new class to your project and name it as Something like "CustomRoleProvider".
2. Make sure you inherit the class from Abstract class Role Provider.
public class CustomRoleProvider : RoleProvider
/// This method will override the getrolesforuser method in roleprovider and do the custom implementation
public override string GetRolesForUser(string username)
List<string> roles = new List<string>();public override void AddUsersToRoles(string usernames, string roleNames)
//Write your own implementation and add roles returned by your methond to role array
throw new NotImplementedException();
You can choose the methods for which you want to implement in the role provide class. Now your Custom role provider class is ready. Now you need to modify your web.config.
3, You need to enable the custom role provider and let your application know that the Custom role provider is its default role provider. So please add the following section to your web.config in <system.web> section.
<roleManager enabled="true" defaultProvider="RapidRoleProvider" cacheRolesInCookie="true"
<add name="RapidRoleProvider" type="CustomeRoleProvider"/>
If you are using namespace in your web application, make sure you give full directive of the class location in type ... Namespace.ClassName ....
You can see that we are caching the roles in a protected cookie which expires periodically. Once you set Cacherolesincookie = true , your role provider will not reach your datbase everytime user requests for a resource. Instead it checks in the cookie and fetches the result fastly. The advantage is the improvement in performance of the application.
4. Now you are done with your custom role provider and you are ready to use it.. Lets make a small test using declarative security attributes. Lets take some page which is only accessible to user role "Normal".
[PrincipalPermission(SecurityAction.Demand, Role = "Normal")]
public partial class Default : System.Web.UI.Page
When a user tries to access the above page, the GetRolesForUser Method in CustomRoleProvider will be called to verify the user is assigned to the “Normal” Role. If so, the page works fine. If not, a SecurityException will be thrown, not allowing the page to be viewed.
Now your role provider works fine.So you can enable security trimming on your sitemap and implement role based security in your application.
If you have any doubts / Questions, please feel free to leave your comment.
Need more asp.net tips and tricks ? For more Subscribe here or click here to get updates via email