Custom Role provider issue - Groups not retrieved
I have written a custom membership and role provider to be used to authenticate and authorize users on Publishing sites. The site has been configured to use these providers and both appear to be working properly. My issue is that I am not able to get a list of roles (groups) from the role provider in the People Picker dialog when it comes to assigning permissions. I get results if I enter the username or email address of a user, but nothing is returned when I enter a role name. I have added some logging for all methods of both providers, and indeed the method "GetAllRoles" is never called. I first thought that the role provider was not working or was not configured properly, but the logs show that the method (GetRolesForUser) to retrieve the roles for a user is called, which confirms that the Role Provider is working and configured properly. Any idea of what could happen? Did I miss something? Or could someone describe what MOSS is doing internally (i.e. how/when is the GetAllRoles method called?)
October 9th, 2007 11:26pm

I finally got it working... despite what I read, the method GetAllRoles does not seem to be used by SharePoint... SharePoint uses the method RoleExists to resolve the name of a role (group) entered in the "People Picker" dialog. Unfortunately I had not implemented this method in my custom provider, explaining why it was not picking my groups.
October 10th, 2007 7:06pm

How did you get this to work, if you don't mind sharing? I have this set up on my MOSS implementation; the People Picker does call the RoleExists method and gets a "true" returned. Despite this, it still says it does not exist. I noticed it also calls the "GetUser" method of the Membership provider as well, which returns nothing as there is no user with that name.
November 14th, 2007 10:22pm

Hi Julien!! I need your help! Check this out!! I created a custom membership and role provider!! These providers connect to a local web service, and then the local web service consumes a remote web service. The remote web service connects directly to a custom database to crawl the credentials and roles. I tested the authentication provider with my custom logon form, and it authenticates the user over the SharePoint site. Now I want to give roles into SharePoint. But when I go to the People Picker... it doesn't work. I found this URL: http://msdn.microsoft.com/en-us/library/bb975135.aspx
May 5th, 2008 9:15pm

Hi,

Well, it's quite difficult to know what the problem is without much more information. What do you mean by the People Picker does not work? Note that the People Picker won't allow wildcard search with a custom provider, meaning that you need to enter the full name of your role in order for it to find it.

Few other things that you should check:

Is it declared in the Central Admin Authenticate Provider?

Is the RoleProvider properly configured in the web.config files? It needs to be configured both in the web.config of the CentralAdmin and in the web.config of your site.

Have you implemented the method RoleExists in your custom role provider? This is the method called by the PeoplePicker.

If you have done all that, you will need to debug your provider. If you have a complete SharePoint development environment (Windows Server, SharePoint and VS), you should be able to debug your provider and see whether it's called or not.

Hope this will be helpful.

Julien
May 6th, 2008 10:58am

Couple things to try: first make sure your custom role and membership provider are the defaults in your FBA site, but also add them (not as default though) to the web config of your NT auth zone site (assuming you have one) and to your central administration site.

To be sure, add some type of logging to your custom role provider and track when it enters the "RoleExists" method. Make sure MOSS is calling that method when you search for your role. If MOSS never calls your role provider during the people picker search OR if your role provider fails to match the search, it will fail the same way from the UI perspective. Also, because it is using the RoleExists method it is a full match or nothing, since that function returns true or false and does not do partial matches.

If you get it all set up, test it, and you are not getting anything at all in the log file from your role provider, there is a good chance something is messed up in the way you configured it or you may be a victim of the dreaded MOSS object caching. To help rule this out, open IIS and manually recycle all the app pools for your MOSS installation. Also open the services and restart the MOSS timer service, then reboot and try again.

If that all fails, then print out the web configs where you have it registered, along with a screenshot from central admin where you have the membership and role providers defined for that zone. Char by char, go through each relevant entry for your role and membership provider in the web configs. You only need to mess up a single item to get it to misbehave.

Also, go through the 12 hive logs and the Event Viewer logs and search for anything that occurs when you are testing. I have seen a couple types of errors that only occur once per bootup and never again, so test it right after you boot up and check those logs.

Not a fix yet but should get you looking in the places you will need.
May 6th, 2008 2:13pm

Hello All...

The above discussion is way too old, but I read it just today... and I thought Julien and you all can help me solve my doubt. I think the concept is not yet clear to me.

My doubt is... I have a custom role provider set up for my SharePoint website. Using this I can search for the roles in people picker. But my basic question is, these roles are not the SharePoint roles, they are the roles I have assigned to users using some XML file. And SharePoint does not know about them. What am I going to achieve by searching them in people picker?

E.g. I was creating a group in my SharePoint website. There is a people picker control to assign group owner. I could search my role value in people picker, but I can not commit a transaction, because role name can not be a group owner. Then what did I achieve by implementing the facility of searching roles in SharePoint people picker? Or is there any specific use of this functionality somewhere else in SharePoint?

In short, how does SharePoint people picker make use of the custom role provider?

Please help. This problem is driving me crazy :)

Thanks in advance,
Regards
February 13th, 2009 1:43am

Once you create an SP Security group you can assign the custom provider's role as a "User" in that group. Now all you have to do is assign permission to the Pages/Lists/Documents using the SP Group (containing your role), and a user with that role will have permission to the item. In our Portal, I have a 1-1 relationship between SP Groups and aspnetdb roles, meaning the SPGroup will have an aspnetdb role of the same name.

NOTE: Roles or SP Security groups cannot be added as Site Collection Administrators, only Users, whether AD or Forms.
April 13th, 2009 10:03pm

Hi Gouranga1,

Have you solved your problem, and how? I have a similar problem. I have a custom membership and role provider. The membership provider works, but the role provider only partially works.

When I enter SharePoint Central Administration, select the FBA web application and click user policy, when I enter a username and click the Check Names link/button, it is working. Then I enter a role name and click Check Names; it is working for some role names, but for some other existing role names it can't find the match. That is strange. Then I click the browse link/button, enter this role name and click the search button, and it finds a match. It is not working for Check Names, but works for browse. I don't know why. Any clue?

Then I give this role full control permission to this FBA web application. I have one user called U1 and assign U1 to this role. When I log in to the FBA web application using U1, it passes the form authentication page, then redirects to the FBA web application home page, and gets access denied. I don't know what is wrong. U1 belongs to this role and this role has permission to this FBA web application. Why access denied? Then I give U1 permission to the FBA web application. U1 can log in and it works fine. For me, giving a role permission to the FBA web application is useless; why do we need roles? Or do I have a problem? Any idea?

Thanks.

Gary
May 12th, 2011 11:30am

This topic is archived. No further replies will be accepted.