ASP.NET v2.0 - Enabling Roles
by Scott Forsyth
August 19, 2005
By default the Roles provider is defined in machine.config but it isn't enabled.
Attempting to use the Roles feature before it is enabled will throw the following
error:
"The Role Manager feature has not been enabled."
It's easy to enable though.
Click here for the ASP.NET v2.0 quickstart explanation on how to enable this.
Since the provider is already defined in machine.config, you can use the same provider
or define a new one.
The advantage of using the one in machine.config is that the
server administrator can keep it up to date and consistent with the other providers.
I'll give two examples, one inheriting the default machine-level provider and one
specifying a new one. These goes in the <system.web/> section of web.config.
Example 1 - Inherit the Machine-Level Provider
Notice that the defaultProvider name is AspNetSqlRoleProvider which is what is specified in machine.config by default.
It's essential to use this provider name if you will inherit the provider settings.
<rolemanager
enabled="true"
cacheRolesInCookie="true"
defaultProvider="AspNetSqlRoleProvider"
cookieName=".ASPXROLES"
cookiePath="/"
cookieTimeout="30"
cookieRequireSSL="false"
cookieSlidingExpiration="true"
createPersistentCookie="false"
cookieProtection="All" />
Example 2 - Override and Specify All RoleManager Settings
I took this example directly
from http://beta.asp.net.
Notice that the defaultProvider name can be
anything you
want as long as it matches the provider name. If you use AspNetSqlRoleProvider which
is the name that machine.config uses by default, then make sure to put
<remove name="AspNetSqlRoleProvider"/> before the <add/>
tag. Also notice connectionStringName which needs to be defined in machine.config
or web.config and point to a database that is prepared with the asp.net v2.0 schema.
<rolemanager
enabled="true"
cacherolesincookie="true"
defaultprovider="QuickStartRoleManagerSqlProvider"
cookiename=".ASPXROLES"
cookiepath="/"
cookietimeout="30"
cookierequiressl="false"
cookieslidingexpiration="true"
createpersistentcookie="false"
cookieprotection="All" >
<providers>
<add name="QuickStartRoleManagerSqlProvider"
type="System.Web.Security.SqlRoleProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ASPNETDB
applicationName="SecurityQuickStart"/>
</providers>
</roleManager>
In case you are curious and for perspective, I'll include the default machine.config
definition for the roleManager section.
<rolemanager>
<providers>
<add name="AspNetSqlRoleProvider" connectionStringName="LocalSqlServer" applicationName="/"
type="System.Web.Security.SqlRoleProvider,
System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<add name="AspNetWindowsTokenRoleProvider" applicationName="/"
type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</roleManager>
Scott Forsyth is the Director of IT at
ORCS Web, Inc.
- a company that provides managed hosting solutions for clients who develop and deploy their applications on Microsoft Windows platforms. Services include shared hosting, dedicated hosting, and webfarm hosting, with specialty in .Net, SQL Server, and architecting highly scalable solutions.