ASP.NET security

Checking the role membership is an accepted way of doing it. Do not however just check when you display the button, check during the response to the event it triggers as well, just in case someone tries to bypass event validation.


User.IsInRole() is what you need. As mentioned, check this at each step - users can fake any kind of HTTP response, so every server-side method needs security checks.

Don't just check whether to enable or or not... You must also check it when the edit button is clicked.