Closed amirhp closed 8 years ago
This tells me you don't understand how IsInRole works. The user needs to logout and login again, since IsInRole works off of the identity produced from the cookie.
I know always return false. is it something i missed?
@amirhp there is a difference between role based authorization and claims based authorization. Your application is claims aware. In claims-aware applications, the role is expressed by a role claim type. check this https://msdn.microsoft.com/en-us/library/hh545448(v=vs.110).aspx to see if it clears your misunderstanding.
Also, when you call IsInRole it's checking for a claim in the claims collection. That claim type depends on how the ClaimsIdentity was created.
the role calim record seems fine so how can i check this claim exist for a user or not?
How are you creating the ClaimsIdentity -- what are you using to authenticate the user? OWIN cookie authentication or WIF's SAM?
Im using your groups sample. https://github.com/brockallen/BrockAllen.MembershipReboot/tree/master/samples/Groups
I don't think the groups samples even does a user login, does it?
yeah
It does userAccountService.AuthenticateWithUsernameOrEmail(model.Username, model.Password, out account)
so it use SamAuthenticationService
That uses the ClaimTypes.Role
claim type for IsInRole. If you're using IdentityManager, then it's adding the role with claim type "role"
.
Hi I add role from memberhip identity manager and seems roles add as claim in databasbe but User.IsInRole(rolename) ClaimsPrincipal.Current.IsInRole(rolename) always return false.