>I too needed to have a role based form security model and basically wrote a sproc to determine if the logged in user was in fact assigned to an "admin" role. If yes, proceed to the requested page. If not, alert and return to the login page. I executed this sproc from a business class that gets called in the overridden on_load event of the page. I didn't find any other built in framework support to accomplish this type of form based role security, so I hope this helps! If anyone has a better mousetrap I'd like to know about it too!

What you've done is a good way to approach this. Right now, the mmRole business object has a "GetUserRoles()" method that returns all roles for the specified user, and you could scan through these to see if they belong to the role you're looking for. I've added an item to my "to do" list to add a new method to this object called "IsUserInRole()" that would allow you to perform this check more easily.

Regards,