Dynamic Roles in ASP.NET 2.0
Posted on 2011-03-01
We have a website written in ASP.NET 2.0 with numerous users. Each user’s access to various pages is controlled through the standard framework Roles. Specifically, the roles are stored in the aspnet_Roles table and the access is specified through the Web.config file using the ‘authorization / allow roles’ tag.
Example of roles include: “StandardUser” and “ManagerUser”
This works great! However, the data in the system has been divided into accounts and we now have a need to grant users different Roles (permissions) depending on which account they are in. For example User1 might be a “ManagerUser” in Account1 but a “StandardUser” in Account2. As the user switch between the two accounts, we need the Roles to switch accordingly, e.g. the management page should not be accessible while user is in Account2.
Note: Requiring the user to login with different names depending on the account is not an option.
What’s the best practice approach for handing this?