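/// <summary>
/// Builds the <see cref="IPrincipal"/> for a user by loading that user's role names
/// from the database. This method only authorizes: it performs no credential check,
/// so call it only after the user has been verified against the database.
/// </summary>
/// <param name="user">
/// The already-verified user. Its UserId selects the role rows and its UserName
/// becomes the identity name.
/// </param>
/// <returns>
/// A <see cref="GenericPrincipal"/> whose identity carries the user's name (with the
/// runtime type name of <paramref name="user"/> as the authentication type) and whose
/// roles are the RoleName values read from T_Role.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
public IPrincipal GetPrincipal(User user)
{
    if (user == null)
    {
        throw new ArgumentNullException("user");
    }

    ArrayList alRoles = new ArrayList();

    // The user id is bound as a parameter instead of being concatenated into the
    // statement, so its value can never be interpreted as SQL text. The roles
    // returned here decide what the caller is allowed to do, which makes this
    // query a poor place to rely on the id having been sanitised upstream.
    string sql = "SELECT b.RoleName FROM T_User a INNER JOIN T_Role b ON a.RoleId = b.RoleId WHERE a.UserId = ?";

    using (System.Data.OleDb.OleDbConnection conn = SqlServerHelper.getConnection())
    using (OleDbCommand cmd = new OleDbCommand(sql, conn, null))
    {
        // OLE DB binds text-command parameters by position ("?"); the name is
        // informational only.
        // NOTE(review): assumes the CLR type of user.UserId maps onto the
        // T_User.UserId column type - confirm against the schema.
        OleDbParameter userIdParam = new OleDbParameter();
        userIdParam.ParameterName = "@UserId";
        userIdParam.Value = user.UserId;
        cmd.Parameters.Add(userIdParam);

        conn.Open();

        // The using blocks release the reader and command even when a read throws.
        using (OleDbDataReader myReader = cmd.ExecuteReader())
        {
            while (myReader.Read())
            {
                // A NULL role name grants nothing; skip it rather than let
                // GetString throw and abort the whole lookup.
                if (!myReader.IsDBNull(0))
                {
                    alRoles.Add(myReader.GetString(0));
                }
            }
        }
    }

    // Convert the roles to a string[], and load GenericPrincipal.
    string[] myRoles = (string[])alRoles.ToArray(typeof(string));
    return new GenericPrincipal(new GenericIdentity(user.UserName, user.GetType().ToString()), myRoles);
}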
