I have been using RoleProvider to determine LDAP roles and authorizations for a given user. I have been successfully determining all roles and all authorizations for a user, and I see that I can determine whether an item is a member of an Item.
I'm wondering if there is a way to determine, given a role which a user belongs to, whether the user is defined explicitly as a member of this role, or if they are instead a member of the role through inheritance (i.e. the role itself does not specify the
user as a member, but instead the role is a child member within another role, in which this user is a 'primary', or explicitly defined user.)
-In Role A, I am an authorized user.
-Role B is defined as a child role in NetSqlAzMan.
-I am not listed as an authorized user of Role B, but "roleProvider.GetRolesForUser(username)" returns both of these roles.
If I iterate through these roles, when I am working with Role B, is there a way to determine that I am not directly authorized to this role, but instead granted via inheritance. Or, vice versa, if I am working with Role A in the foreach, is there a
way to determine that I am defined directly as user to this Role?
Please let me know if that is unclear.
Dec 17, 2012 at 8:35 PM
Can you tell me why you need to know how the user gets the role? It should be transparent in your design. I have designed a shared security framework for all applications in the company. Every time a developer came to me and ask this question, I knew he/she
had a bad design. Because a Role is a Role. It doesn't matter how the user gets the Role. If you need act differently by how the user gets the Role, you may need define a different Role.