I need some clarifications for ASP.NET Membership; please help me with it. I am using ASP.NET MCV 3 framework and intending to use ASP.NET Membership for users & authentication management using either LDAP or SQL.

For what I've understood until now; ASP.NET Membership is:

[User] has [Role] or [Role] has [Users]

But in my project I have a more complex business logic; where I need this hierarchy to next level like

[User] has [Role] -> has [Tasks]

So I can dynamically assign/revoke tasks/permissions to my MVC controllers or actions;

I plan to get started with Membership with SQL Provider and than may be later on I'll switch to LDAP/AD.

I've also explored AzMan and NetSqlAzMan; they look ok to resolve the error but their usage seems odd; (not as neat as ASP.NET Membership; where we can simply use annotations to assign roles/tasks to a controller or its action.

Is ASP.NET Membership limited to Roles only? & no tasks/operations? Or is there any workaround for that?

Can I enjoy the simplicity of usage of ASP.NET Membership and on the same road have a next level hierarchy for Roles -> Tasks -> Operations.

Any help would be greatly appreciated.

Thanks!

ASP.NET's Membership provider only supports roles out of the box. It doesn't support tasks or operations. However it is relatively easy to create a custom Role Provider to meet just about any need.

For a good start check out 'Implementing a Role Provider' at http://msdn.microsoft.com/en-us/library/ie/8fw7xh74.aspx . You can also find a sample Role Provider at http://msdn.microsoft.com/en-us/library/ie/tksy7hd7.aspx .

ASP.NET Membership only supports Roles, no tasks or operations.

You can use attributes to signify which operations are allowed for which roles, like so:

[Authorize(Roles="Administrator")]
public ViewResult Edit(int id)
{
    return View("Edit");
}

Or your code can do checking using the IsInRole method:

if (User.IsInRole("Administrator"))
{
    ...
}

Good luck!