Role Management in ASP MVC 5 (Microsoft.AspNet.Identity)

Question

in ASP MVC5 RC I didn't get the role system to work. My database has all needs tables an role exist but proofing if user is in role always return false (no SQL exception or something)!?

Did I need to activate role system for IPrincipal somewhere?

Test code:

AccountController accCont = new AccountController();

// check role exist : result = true
var roleExist = await accCont.IdentityManager.Roles.RoleExistsAsync("61c84919-72e2-4114-9520-83a3e5f09de1");

// try find role by name : result = role object
var role = await accCont.IdentityManager.Roles.FindRoleByNameAsync("ProjectAdministrator");

// check with AccountController instance :  result = true
var exist = await accCont.IdentityManager.Roles.IsUserInRoleAsync(User.Identity.GetUserId(), role.Id);

// check if current user is in role : result (both) = false????
var inRole = User.IsInRole(role.Id);
var inRole2 = User.IsInRole(role.Name);

I also try to build an custom extenuation like the IIdentity.GetUserId() extension method from Microsoft.AspNet.Identity.Owin Namespace.

namespace Microsoft.AspNet.Identity
{
   public static class IdentityExtensions
   {
       public static string IsUserInRole(this IIdentity identity)
       {
           if (identity == null)
           {
               throw new ArgumentNullException("identity");
           }
           ClaimsIdentity identity2 = identity as ClaimsIdentity;
           if (identity2 != null)
           {
               var result = identity2.FindFirstValue(IdentityConfig.Settings.GetAuthenticationOptions().RoleClaimType);

               return null; // later result
           }
           return null;
       }
   }
}

But the result for claim Type RoleClaimType is always null :( I'm really stuck with this.

Thank you for your help! Steffen

Answer 1

I'm trying to understand how to use roles in MVC 5 myself, which is what brought me here. I can't answer your question, but check out this link. The downloaded solution works right out of the box and I've already been able to cut-and-paste some of the code and get it working in my own app. Now I'm trying to fully understand what it's doing.

http://www.typecastexception.com/post/2013/11/11/Extending-Identity-Accounts-and-Implementing-Role-Based-Authentication-in-ASPNET-MVC-5.aspx

It may not answer your question but at least it's a fully working solution that actually does work as described without a lot of hassle, so it's a good starting point.

Answer 2

User.IsInRole is basically looking at the claims for the currently signed in user. What does your sign in logic look like? That is what is responsible for minting the cookie that turns into the User identity. That needs to have the Role claim set properly for the IsInRole method to work correctly.