stackoom
  简体   繁体   中英

ASP.NET Identity check user roles is not working

 原文  2013-11-21 21:56:36       c#/ asp.net/ asp.net-mvc/ asp.net-identity

Question

I have an ASP.NET MVC 5 application. I'm using the standard ASP.NET Identity provider for user and role management. It is important that I'm using the IdentityUser from an own repository project, but this seems ok. I can register, login, edit users, and manage their roles.

I add user to Role with these lines: 

UserManager.AddToRole(userdetail.Id, r);
db.Entry(userdetail).State = EntityState.Modified;
db.SaveChanges();

This seems working in DB level.

But, I can't use Role based authentications, actually the simples 

HttpContext.User.IsInRole("Administrator")

doesn't working too. 

[Authorize(Roles="Administrator")]

doesn't working too.

I can check only with this method, whether user is an administrator: 

UserManager.IsInRole(userID, "Administrator").

Why?

In every tutorial what I found, everything works fine. The different project repository could be the reason? Or ASP.NET Identity is broken so much?

Please advice,

3 answers

solution1
 23  2014-04-09 14:30:45

In that case you need to logout and login the user again.

Because the roles data is also stored in cookies, So you must issue the cookie again to work it.

solution2
 16 ACCPTED  2013-11-22 06:37:45

There seems to be an issue. [The issue by design]

  • The role names are case sensitive in AuthorizeAttribute and User.IsInRole
  • The role names are case insensitive in UserManager.IsInRole

Moreover, check for the correct role name is used for the verification.

[The above is based on the test performed with below code. Role Name="Admin", User is added to Role "Admin".] 

[Authorize(Roles="Admin")] /*True as "Admin" has A capital as entered in Role name*/
public ActionResult Secured()
{
    if (User.IsInRole("admin")) /*This is False*/
    {
         Console.WriteLine("In");
    }
    if(UserManager.IsInRole(User.Identity.GetUserId(), "admin")) /*This is True!!*/
    {
         Console.WriteLine("In");
    }
    return View();
}

If we change the attribute to [Authorize(Roles="admin")] , it redirects to Login page.

solution3
 1  2013-11-21 22:04:51

Do you have this entry in your web.config? 

    <roleManager enabled="true">
        <providers>
            <clear />
            <add connectionStringName="ApplicationServices" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" applicationName="/" />
        </providers>
    </roleManager>

Also, if I remember correctly, there is a different namespace for the role provider assembly in different versions of .NET.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to check user is in many roles in asp.net identity ASP.NET Identity roles Seed ASP.NET Identity user and roles in .NET Core 3.1 ASP.Net Identity Check for multiple roles to get access Asp.NET Identity Roles not working when attempting to add Role to User Change ASP.NET Identity register user to allow multiple roles asp.net identity get all roles of logged in user Asp.Net Core Identity with AuthorizeAttribute not working for Roles ASP.NET Identity 2 hierarchical roles Error in adding roles to ASP.Net Identity
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM