Hi guys,

I read a lot of tutorials on this website and in some books about security and everything is becoming clear right now but I still have a slight question and I hope you could help me find the answer.

Let's say I am logged as Player1 using a MemberShipProvider, and say that Player1 is in role "Midfielder".

Now, I want to allow to allow Player1 to browse the directory "/PenaltyArea/" if and only if he answers some question correctly.

How can I do that?

My guess would be that I manually add Player1 to some role "Striker" and then make sure via the web.config that my folder "/PenaltyArea/" is restricted to "Strikers".

Then, I would have to remove Player1 from this role everytime he connects (to make sure he has to answer the next question properly in his next connexion).

Is this approach the right one or do ASP.Net provide some facilities to give temporary rights to a single user that will disappear under certain conditions.

Hope this was clear,

Thanks in advance,

Jeremie

Yes dynamically adding/removing user to/from role would be the way.

Don't know if there is any other.

 Okay thanks,

I guess we can assume that the user is disconnected and thus should be removed from the role as soon as he explicitely logs out or the session expires. I'll check if there are events handling that.

Thanks anyway.