Roles.Enabled is true even if roleManger.enabled is set to false

Question

I have a simple web site with one aspx page (Test.aspx) showing Roles.Enabled value which is set to false in Web.config (attribute roleManager@enabled).

Test.aspx:

<%@ Page Language="C#" %>
<%= Roles.Enabled %>

Web.config:

<?xml version="1.0"?>
<configuration>
    <system.web>
      <roleManager enabled="false" />
    </system.web>
</configuration>

This outputs:

False

Which is expected.

However, when I add another file (a razor page), e.g. Test.cshtml with no content inside (0 B), the aspx page suddenly outputs:

True

The output is not changed even if I remove the razor page from the site. I have to recycle the application pool and then it again outputs False (the expected result).

It seems that the MVC module / handler factory changes the values for some unknown reason.

How can I tell the MVC runtime not to do that?

Answer 1

The key which could turn on the simple membership is the AppSetting enableSimpleMembership (default is true?).

Apparently, when a MVC project starts, a routine checks if this setting is set to false. If not the SimpleMembershipProvider is applied -or ASP.NET try to- somehow like this.

To disable this behavior, set it to false.

<appSettings>
  <add key="enableSimpleMembership" value="false" />
</appSettings>

I found this remark in the PreApplicationStartCode of WebMatrix. I guess there is a similar behavior for most MVC versions.

To use the SimpleMembershipProvider and WebSecurity classes for an ASP.NET Web Pages website, set enableSimpleMembership to true in the appSetting section of the Web.config file. (Alternatively, leave enableSimpleMembership out of the Web.config file, because enableSimpleMembership defaults to true.) When simple membership is enabled, SimpleMembershipProvider replaces SqlMembershipProvider, but is not invoked until it is initialized by a call to the InitializeDatabaseConnection() method.