Does [Authorize(Roles = "Admin")]
work out of the box in MVC 5 RTM with ASP.NET Identity?
I've had no luck. Note that [Authorize]
and [Authorize(Users = "AdminUser")]
work just fine, and the AspNetUserRoles and AspNetRoles tables are populated as I would expect them to be, establishing a relationship between the AdminUser user and the Admin role. This issue seems specific to roles.
And the answer is the UserManager's DbContext must have lazy loading enabled in order for user roles to manifest in the application in the usual, expected, way. As it turns out, not all of my code was "out of the box." I had customized my DbContext ever so slightly. Hopefully in the future Microsoft will sidestep this integration bug by ensuring the collection is loaded with something like userDbContext.Users.Include(o => o.Roles).SingleOrDefault(...)
.
ApplicationDbContext.Configuration.LazyLoadingEnabled = true;
ApplicationDbContext.Configuration.LazyLoadingEnabled = false;
Note that if ApplicationDbContext.Configuration.LazyLoadingEnabled
is not set in your code then it defaults to true
. So leaving off that line is as good as setting it to true
.
Here's my guess at what is going on when lazy loading is disabled, the Roles
property of the IdentityUser
/ ApplicationUser
object is null or empty when the UserManager or UserStore accesses it because that collection was not manually loaded. The code then carries on like no roles have been assigned to the user when in fact that collection simply was never loaded.
Ah, the aroma of silent failure. Had the code only made some noise when things didn't look right.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With