> Hi,
> I want to use the default SqlMembershipProvider and SqlRolesProvider
> for an
> ASP.NET app. and I want to avoid writing Custom Providers if I can.
> The problem I have is how to define the roles in the first place!
> We have some standard User roles: Viewer, Author and Editor. But we
> have
> various clients and some users need to have a different role according
> to
> client ie. User Bob will have a Viewer role for Client A data BUT an
> Author
> role for Client B data.
> Obviously, I don't want to create a role for every combination eg.
> ClientAViewer, ClientBViewer, ClientCViewer, ClientAAuthor etc. etc.
> and we dont want to force users to have a different username for each
> client.
>
> But if I want to use the default SqlRolesProvider, I don't see what
> else I can do. Or am I just approaching this in the wrong way?
>
> Thanks,
> Ada

<dbaier@pleasepleasenospam_leastprivilege.com> wrote:
> The roles system was not designed for multi client applications -. you will
> get something much better suited for your scenario by simply writing your
> own roles management...
>
> -----
> Dominick Baier (http://www.leastprivilege.com)
>
> Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
>
> > Hi,
> > I want to use the default SqlMembershipProvider and SqlRolesProvider
> > for an
> > ASP.NET app. and I want to avoid writing Custom Providers if I can.
> > The problem I have is how to define the roles in the first place!
> > We have some standard User roles: Viewer, Author and Editor. But we
> > have
> > various clients and some users need to have a different role according
> > to
> > client ie. User Bob will have a Viewer role for Client A data BUT an
> > Author
> > role for Client B data.
> > Obviously, I don't want to create a role for every combination eg.
> > ClientAViewer, ClientBViewer, ClientCViewer, ClientAAuthor etc. etc.
> > and we dont want to force users to have a different username for each
> > client.
>
> > But if I want to use the default SqlRolesProvider, I don't see what
> > else I can do. Or am I just approaching this in the wrong way?
>
> > Thanks,
> > Adam

<dbaier@pleasepleasenospam_leastprivilege.com> wrote:
> The roles system was not designed for multi client applications -. you will
> get something much better suited for your scenario by simply writing your
> own roles management...
>
> -----
> Dominick Baier (http://www.leastprivilege.com)
>
> Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
>
> > Hi,
> > I want to use the default SqlMembershipProvider and SqlRolesProvider
> > for an
> > ASP.NET app. and I want to avoid writing Custom Providers if I can.
> > The problem I have is how to define the roles in the first place!
> > We have some standard User roles: Viewer, Author and Editor. But we
> > have
> > various clients and some users need to have a different role according
> > to
> > client ie. User Bob will have a Viewer role for Client A data BUT an
> > Author
> > role for Client B data.
> > Obviously, I don't want to create a role for every combination eg.
> > ClientAViewer, ClientBViewer, ClientCViewer, ClientAAuthor etc. etc.
> > and we dont want to force users to have a different username for each
> > client.
>
> > But if I want to use the default SqlRolesProvider, I don't see what
> > else I can do. Or am I just approaching this in the wrong way?
>
> > Thanks,
> > Adam

"Dominick Baier" wrote:

> The roles system was not designed for multi client applications -. you will
> get something much better suited for your scenario by simply writing your
> own roles management...