Examining ASP.NET 2.0’s Membership, Roles, and Profile – Part 13
ASP.NET’s forms-based authentication system in tandem with the Membership API and Login Web controls make it a cinch to create a user store, create user accounts, and allow visitors to log into the site. What’s more, with little effort it’s possible to define roles, associate user accounts with roles, and determine what functionality is available based on the currently logged in user’s role (see Part 2 ). Many ASP.NET sites that use Membership have an Admin role, and users in that role are granted certain functionality not available to non-Admin users. Consider an online store – Admin users might be able to manage inventory, whereas the only way normal members could interact with the inventory was by adding items to their shopping cart. I was recently working with a client who had an interesting request: he needed the ability for Admin users to be able to log into the site as another user, and perform actions as if that other person had logged in herself. Returning to the online store example, imagine that some customers periodically phone in their order, or mail or fax in an order form
