Determine whether role is primary or inherited

Topics: NetSqlAzMan Core
Dec 17, 2012 at 4:41 PM



I have been using RoleProvider to determine LDAP roles and authorizations for a given user.  I have been successfully determining all roles and all authorizations for a user, and I see that I can determine whether an item is a member of an Item. 


I'm wondering if there is a way to determine, given a role which a user belongs to, whether the user is defined explicitly as a member of this role, or if they are instead a member of the role through inheritance (i.e. the role itself does not specify the user as a member, but instead the role is a child member within another role, in which this user is a 'primary', or explicitly defined user.)


Example -

-In Role A, I am an authorized user. 

-Role B is defined as a child role in NetSqlAzMan. 

-I am not listed as an authorized user of Role B, but "roleProvider.GetRolesForUser(username)" returns both of these roles.

If I iterate through these roles, when I am working with Role B, is there a way to determine that I am not directly authorized to this role, but instead granted via inheritance.  Or, vice versa, if I am working with Role A in the foreach, is there a way to determine that I am defined directly as user to this Role?


Please let me know if that is unclear.




Dec 17, 2012 at 8:35 PM


Can you tell me why you need to know how the user gets the role? It should be transparent in your design. I have designed a shared security framework for all applications in the company. Every time a developer came to me and ask this question, I knew he/she had a bad design. Because a Role is a Role. It doesn't matter how the user gets the Role. If you need act differently by how the user gets the Role, you may need define a different Role.