Hello,

I have been using RoleProvider to determine LDAP roles and authorizations for a given user.  I have been successfully determining all roles and all authorizations for a user, and I see that I can determine whether an item is a member of an Item. 

I'm wondering if there is a way to determine, given a role which a user belongs to, whether the user is defined explicitly as a member of this role, or if they are instead a member of the role through inheritance (i.e. the role itself does not specify the user as a member, but instead the role is a child member within another role, in which this user is a 'primary', or explicitly defined user.)

Example -

-In Role A, I am an authorized user. 

-Role B is defined as a child role in NetSqlAzMan. 

-I am not listed as an authorized user of Role B, but "roleProvider.GetRolesForUser(username)" returns both of these roles.

If I iterate through these roles, when I am working with Role B, is there a way to determine that I am not directly authorized to this role, but instead granted via inheritance.  Or, vice versa, if I am working with Role A in the foreach, is there a way to determine that I am defined directly as user to this Role?

Please let me know if that is unclear.

Thanks!

Jason

Jason,

Can you tell me why you need to know how the user gets the role? It should be transparent in your design. I have designed a shared security framework for all applications in the company. Every time a developer came to me and ask this question, I knew he/she had a bad design. Because a Role is a Role. It doesn't matter how the user gets the Role. If you need act differently by how the user gets the Role, you may need define a different Role.

Richard.