/// <summary>
/// Verifies the client-supplied current role, if one has been specified,
/// against the roles reported for this context by the user manager.
/// On a match by role id, the verified server-side role is stored in
/// place of the client-supplied one, so that authorities come from
/// UserService and never from client input.
/// Does nothing when no current role has been specified.
/// </summary>
/// <exception cref="ArgumentException">
/// Thrown if none of the roles returned for this context has the id
/// of the specified role.
/// </exception>
private void CheckCurrentRole()
{
    // No role was specified, so there is nothing to verify.
    if (!CurrentRole.IsNotNull())
    {
        return;
    }

    // Client information is not trusted: look the role up by id among
    // the roles the user manager returns for this context.
    WebRole trustedRole = null;
    foreach (WebRole candidate in WebServiceData.UserManager.GetRoles(this))
    {
        if (candidate.Id != CurrentRole.Id)
        {
            continue;
        }

        trustedRole = candidate;
        break;
    }

    if (trustedRole.IsNull())
    {
        // The user does not hold the requested role in this context.
        // NOTE(review): the message embeds the client-supplied role name;
        // confirm it is encoded wherever this exception is logged or
        // returned to the caller.
        throw new ArgumentException("User " + GetUser().UserName +
                                    " is not in role name:" + CurrentRole.Name +
                                    " id:" + CurrentRole.Id);
    }

    // Keep the verified role object, not the one received from the client.
    _currentRole = trustedRole;
}