Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Refresh current user's role when changed in ASP.NET identity framework?

Using VS 2013, standard MVC template, and the Identity provider framework

The user is logged in, and I have:

//....
UserManager.AddToRole(User.Identity.GetUserId(), "Members");       # Line X
RedirectToAction("Index", "Members");

And the Members controller is as follows:

[Authorize(Roles="Members")]
public class MembersController : Controller
{
    // GET: Members
    public ActionResult Index()
    {
        return View();
    }
}

After Line X is executed, I can confirm that the user is added to the table dbo.AspNetUserRoles. However, the user upon reaching the Members controller fails the role check. User.IsInRole("Members") returns false.

If the user logs off and then logs in again, then access to the Members controller will go through, ie User.IsInRole("Members") now returns true.

Is there some caching? Why the delay? How do I overcome it?

I also tried converting the method at Line X to an async method and used UserManager.AddToRoleAsync. The same delayed effect is still there.

like image 738
Old Geezer Avatar asked Mar 26 '15 17:03

Old Geezer


1 Answers

The identity information(roles,claims) are put into the cookie when the user logs in. Since the user is already logged in, this line of code UserManager.AddToRole(User.Identity.GetUserId(), "Members") will update the db , but not the cookie. You have to have to re-issue the cookie.

Try add SignInManager.SignIn(user, false, false); (if you dont have user, var user = UserManager.FindById(User.Identity.GetUserId())) before RedirectToAction("Index", "Members");

like image 136
tmg Avatar answered Nov 13 '22 10:11

tmg