Following that, we will explore programmatic techniques.
Before we can look at applying fine-grained authorization rules, however, we first need to create a page whose functionality depends on the role of the user visiting it.
The Roles API also includes methods for determining the logged-in user's roles.
This tutorial starts with a look at how the Roles framework associates a user's roles with his security context. NET pipeline it is associated with a security context, which includes information identifying the requestor.
A more maintainable approach is to use role-based authorization.
As soon as a match is found, the user is granted or denied access, depending on if the match was found in an URL authorization makes it easy to specify coarse authorization rules that state what identities are permitted and which ones are denied from viewing a particular page (or all pages in a folder and its subfolders).
However, in certain cases we may want to allow all users to visit a page, but limit the page's functionality based on the visiting user's roles.
This may entail showing or hiding data based on the user's role, or offering additional functionality to users that belong to a particular role.
It then examines how to apply role-based URL authorization rules. When using forms authentication, an authentication ticket is used as an identity token.
Following that, we will look at using declarative and programmatic means for altering the data displayed and the functionality offered by an ASP. As we discussed in the method will be called on every request to a page that is protected by the role-based URL authorization rules. If the user's browser does not support cookies, or if their cookies are deleted or lost somehow, it's no big deal – the Note Microsoft's Patterns & Practices group discourages using persistent role cache cookies.