Programming Microsoft ASP.NET 4 - Dino Esposito [427]
guests[1] = "Godzilla";
Roles.AddUsersToRole(guests, "Guest")
At run time, information about the logged-in user is available through the HTTP context User object. The following code demonstrates how to determine whether the current user is in a certain role and subsequently enable specific functions:
if (User.IsInRole("Admin"))
{
// Enable functions specific to the role
...
}
When role management is enabled, ASP.NET looks up the roles for the current user and binds that information to the User object.
The Roles Class
When role management is enabled, ASP.NET creates an instance of the Roles class and adds it to the current request context—the HttpContext object. The Roles class features the methods listed in Table 19-12.
Table 19-12. Methods of the Roles Class
Method
Description
AddUsersToRole
Adds an array of users to a role.
AddUsersToRoles
Adds an array of users to multiple roles.
AddUserToRole
Adds a user to a role.
AddUserToRoles
Adds a user to multiple roles.
CreateRole
Creates a new role.
DeleteCookie
Deletes the cookie that the role manager used to cache all the role data.
DeleteRole
Deletes an existing role.
FindUsersInRole
Retrieves all the user names in the specified role that match the provider user name string. The user names found are returned as a string array.
GetAllRoles
Returns all the available roles.
GetRolesForUser
Returns a string array listing the roles that a particular member belongs to.
GetUsersInRole
Returns a string array listing the users who belong to a particular role.
IsUserInRole
Determines whether the specified user is in a particular role.
RemoveUserFromRole
Removes a user from a role.
RemoveUserFromRoles
Removes a user from multiple roles.
RemoveUsersFromRole
Removes multiple users from a role.
RemoveUsersFromRoles
Removes multiple users from multiple roles.
RoleExists
Returns true if the specified role exists.
Table 19-13 lists the properties available in the Roles class. All the properties are static and read-only. They owe their value to the settings in the Table 19-13. Properties of the Roles Class Property Description ApplicationName Returns the provider’s nickname. CacheRolesInCookie Returns true if cookie storage for role data is enabled. CookieName Specifies the name of the cookie used by the role manager to store the roles. It defaults to .ASPXROLES. CookiePath Specifies the cookie path. CookieProtectionValue Specifies an option for securing the roles cookie. Possible values are All, Clear, Hashed, and Encrypted. CookieRequireSSL Indicates whether the cookie requires SSL. CookieSlidingExpiration Indicates whether the cookie has a fixed expiration time or a sliding expiration. CookieTimeout Returns the time, in minutes, after which the cookie will expire. CreatePersistentCookie Creates a role cookie that survives the current session. Domain Indicates the domain of the role cookie. Enabled Indicates whether role management is enabled. MaxCachedResults Indicates the maximum number of roles that can be stored in a cookie for a user. Provider Returns the current role provider. Providers Returns a list of all supported role providers. Some methods in the Roles class need to query continuously for the roles associated with a given user, so when possible, the roles for a given user are stored in an encrypted cookie. On each request, ASP.NET checks to see whether the cookie is present; if so, it decrypts the role ticket and attaches any role information to the User object. By default, the cookie is a session cookie and expires as soon as the user closes the browser. Note that the cookie is valid only if the request is for the current user. When you request role information for other users, the information is read from the data store using the configured role provider. Note Role management passes through the role manager HTTP module. The module is responsible for adding the appropriate