I'm making a custom MembershipProvider and RoleProvider.
I have database tables with Roles and UsersInRoles and I use LINQ-to-SQL to create objects of the 开发者_开发问答tables.
When invoking [Authorize] on an action method, will it work with my custom RoleProvider? How does it know if the user is authenticated and if the user is in the appropriate role?
The answer is yes. The AuthorizeAttribute uses User.IsUserInRole() method internally. But you have to set your custom provider as default.
Scenario
When the role management is enabled, the RoleManagerModule replaces the HttpContext.User value with a new instance of RolePrincipal. The RolePrincipal uses Roles.IsUserInRole internally as well.
精彩评论