This tutorial starts with a look at how the Roles framework associates a user's roles with his security context. NET pipeline it is associated with a security context, which includes information identifying the requestor.It then examines how to apply role-based URL authorization rules. When using forms authentication, an authentication ticket is used as an identity token.If the Roles framework is configured to cache the user's roles in a cookie, the class to determine the user's roles. Figure 2: The User's Role Information Can Be Stored in a Cookie to Improve Performance (Click to view full-size image) By default, the role cache cookie mechanism is disabled.It can be enabled through the Note The configuration settings listed in Table 1 specify the properties of the resulting role cache cookie.
A more maintainable approach is to use role-based authorization.
Before we can look at applying fine grain authorization rules, however, we first need to create a page whose functionality depends on the role of the user visiting it.
Let's create a page that lists all of the user accounts in the system in a Grid View.
This may entail showing or hiding data based on the user's role, or offering additional functionality to users that belong to a particular role.
Such fine grain role-based authorization rules can be implemented either declaratively or programmatically (or through some combination of the two).