Lately I’ve been doing quite a bit of work with custom authorization scenarios in SharePoint, using the Microsoft Geneva framework for claims-based security. This means custom membership and role providers, which are relatively complicated.
Understanding how SharePoint uses your role provider is critical to designing and debugging even a modestly complicated security scenario. I’ve put together a flowchart which hopefully helps explain when identities are created, what methods SharePoint calls, and just generally how your custom providers are used.
This is a work in progress, and I will include how membership providers are leveraged when assigning permissions at a later date.