Roles.IsUserInRole() not working in WCF using wsHttpBinding and MVC 4

Question

I have the following test setup, all working:

-WCF Application running a MathService.svc, setup to use SimpleMembershipProvider

-MVC 4 Internet App using the default SimpleMembershipProvider

-Membership is:

• 3 Roles: 'Debug', 'Administrator' and 'Editor'
• 2 Users: 'Debug' in Role Debug and Administrator (ya, user debug in role debug)
• 'Admin' in Role Administrator

-Certificates, as far as I can tell are working, I can connect to the service using wshttp

Service Method Code.

//[PrincipalPermission(SecurityAction.Demand, Role = "Debug")]
public string Add(double A, double B)
{
    OperationContext oc = OperationContext.Current;
    ServiceSecurityContext ssc = oc.ServiceSecurityContext;
    string cltName = ssc.PrimaryIdentity.Name;   //cltName = "Debug"
    var Rs = Roles.GetAllRoles(); //returns: 'Debug', 'Administrator', 'Editor' => OK
    var dUsers = Roles.GetUsersInRole("Debug");  // 'Debug' => Expected
    var aUsers = Roles.GetUsersInRole("Administrator"); // 'Debug', 'Admin' => expected
    try
    {
        var a = Roles.GetRolesForUser(cltName); //this fails 
        var b = Roles.IsUserInRole(cltName, "Debug"); //this fails 
        var c = Roles.IsUserInRole(cltName, "Administrator"); //this fails 
    }
    catch (Exception err)
    {
        string p = err.Message; // all fail with error :
        // "Object reference not set to an instance of an object", inner exception=null
    }
    if (dUsers.Contains(cltName)) //this works, but requires extra step 
        //I should be able to us if(Roles.IsUserInRole(cltName, "Debug"))... here?!?
    {
        return string.Format("Result: {0}", (A + B).ToString("N2"));
    }
    else
    {   //this is just to get a different result if NOT in role 'Debug'
        return string.Format("Result: {0}", ((int)A + (int)B).ToString("N2"));  
    }
}

Why are calls to' Roles.GetRolesForUser(cltName)' and IsUserInRole failing?

I get the correct username from 'ServiceSecurityContext', If I enable the [PrincipalPermission] attrib I get rejected if I call the service with user Admin, as expected.

So why would PrincipalPermission be able to get the correct user role? Why can I use Roles.GetUsersInRole("Debug") to get all correct users BUT I can not call Roles.IsUserInRole(..)??

There are some posts suggesting certificate / /membership setup errors, but I can not see how I can get so far and still have a wrong setup, and above all, just SOME of the Roles methods fail, not all. Any pointers?

A word about the return result, If I use my Role workaround and call via Debug, the service returns double precision, if I call with admin [PrincipalPermission] disabled, I get integer precision back

Regards, Andreas

Answer 1

Just in case anyone runs into the same problem.

While you can use the 'old' ASP.net RolesProvider with simpleMembership, they are not the same.

In my case, I had to add a simple cast.

var _simpleRoles = (SimpleRoleProvider)Roles.Provider; //need the cast to simple

and then this works

 var b = simpleRoles.IsUserInRole(cltName, "Debug");