R – If I implement the own CustomPrincipal in ASP.NET MVC, must I use a custom ActionFilterAttribute

asp.net-membershipasp.net-mvc

If I implement my own CustomPrincipal in ASP.NET MVC, must I use a custom ActionFilterAttribute to check for roles that my users belong to (like in Setting up authentication in ASP.NET MVC)?

When I use

[Authorize]

it works fine. But when I use

[Authorize(Roles=("Example"))]

it goes off and looks for:

"dbo.aspnet_CheckSchemaVersion"

Which I obviously don't have since I haven't added the ASP.NET membership objects to my database, I'm writing my own.

I'm using ASP.NET MVC 2 beta.

How can I override the logic that the default attributes uses so that I can use the same tag, [Authorize(Roles=("Example"))]?

Best Answer

The attribute your using will try and use the default RoleProvider to find out what role that user is in.

In the article he outlines creating a custom [UserInRole("Admin")] attribute that avoids the RoleProvider and uses custom logic to determine what role the user is in.

Here is a good MSDN article about implementing your own RoleProvider: http://msdn.microsoft.com/en-us/library/8fw7xh74.aspx

Edit Answer: Your going to have to implement your own roleprovider or create your own custom tag. Your custom tag can look similar to the one baked into MVC but you can't just match signatures and hope to override it that way.