Rockford Lhotka has writen about permission-based authorization versus role-based authorization . He describes how he is abusing the principal IsInRole(..) method. This is definitely wrong and should never be implemented that way! Besides that it could...