How to allow multiple roles to see a page when using a custom RoleProvider in ASP.Net


I have created my own Role Provider because I found the one that ASP.Net provides to be way too bulky in terms of tables in the database. I found implementing a custom RoleProvider to be quite easy.

My only problem is that right now I cannot have multiple roles for a page. I saw somewhere that at the top of your class you need to "anotate it" with some security code. This is what I have

[PrincipalPermission(SecurityAction.Demand, Role="Admin")]

If I try to include multiple roles by using a comma separated list I get errors. If i try to specify multiple role keys then I also get errors. Do i Need to specify multiple PrinicipalPermissions by any chance?

I have very little experience with ASP.Net's role management. Can someone point me in the right direction or at some good literature.

Best Solution

you can add the PrinicpalPermission attribute multiple times.

[PrincipalPermission(SecurityAction.Demand, Role="Admin")]
[PrincipalPermission(SecurityAction.Demand, Role="AnotherRole")]