Rather than have to lookup the role information in the database on every request, the Roles framework includes an option to cache the user's roles in a cookie.
And the Roles API includes methods for determining the logged in user's roles.
This tutorial starts with a look at how the Roles framework associates a user's roles with his security context. NET pipeline it is associated with a security context, which includes information identifying the requestor.
URL authorization rules can specify roles instead of users.
The Login View control, which renders different output for authenticated and anonymous users, can be configured to display different content based on the logged in user's roles.
It then examines how to apply role-based URL authorization rules. When using forms authentication, an authentication ticket is used as an identity token.