How to: Access User Roles with Client Application Services
You can use client application services to retrieve role information from an existing Microsoft Ajax roles service. For information about how to set up the roles service, see Using Roles Information with Microsoft Ajax.
The following procedure demonstrates how to access user role information for authenticated users in a Windows Forms application configured to use a roles service. For more information, see How to: Configure Client Application Services. This procedure requires access to a running Microsoft Ajax roles service. For guidance on end-to-end testing of client application services features, see Walkthrough: Using Client Application Services.
To determine whether a user is in a particular role
Call the IsInRole method of the IPrincipal reference retrieved from the static Thread.CurrentPrincipal property. This method returns a Boolean value that you can use to provide access to special functionality, as shown in the following example. This method will return false if the user is not authenticated or is not in the specified role.
The IsInRole method internally accesses the remote roles service through the ClientRoleProvider class. Although you can access the ClientRoleProvider class directly, you will typically access it indirectly, as shown in the following code. For more information, see Client Application Services Overview.
The following code example assumes that your application contains a Button named managerOnlyButton.
The example code in this topic demonstrates the simplest usage of the roles service in a Windows client application. When you access user roles through client application services, however, your code can throw a WebException if the service is unavailable. For an example of how to handle a WebException in this case, see Walkthrough: Using Client Application Services.
Additionally, the IsInRole method will always return false if the user login has expired. This will not occur if your application calls the IsInRole method one time shortly after authentication. If your application must retrieve user roles at other times, you might want to add code to revalidate users whose login has expired. If all valid users are assigned to roles, you can determine whether the login has expired by calling the ClientRoleProvider.GetRolesForUser method. If no roles are returned, the login has expired. For an example of this functionality, see the GetRolesForUser method. This functionality is only necessary if you have selected Require users to log on again whenever the server cookie expires in your application configuration. For more information, see How to: Configure Client Application Services.