IsInRole not work in membershipreboot

[amirhp]

Hi I add role from memberhip identity manager and seems roles add as claim in databasbe but User.IsInRole(rolename) ClaimsPrincipal.Current.IsInRole(rolename) always return false.

[brockallen]

This tells me you don't understand how IsInRole works. The user needs to logout and login again, since IsInRole works off of the identity produced from the cookie.

[amirhp]

I know always return false. is it something i missed?

[pmbanugo]

@amirhp there is a difference between role based authorization and claims based authorization. Your application is claims aware. In claims-aware applications, the role is expressed by a role claim type. check this https://msdn.microsoft.com/en-us/library/hh545448(v=vs.110).aspx to see if it clears your misunderstanding.

[brockallen]

Also, when you call IsInRole it's checking for a claim in the claims collection. That claim type depends on how the ClaimsIdentity was created.

[amirhp]

the role calim record seems fine so how can i check this claim exist for a user or not?

[brockallen]

How are you creating the ClaimsIdentity -- what are you using to authenticate the user? OWIN cookie authentication or WIF's SAM?

[amirhp]

Im using your groups sample. https://github.com/brockallen/BrockAllen.MembershipReboot/tree/master/samples/Groups

[brockallen]

I don't think the groups samples even does a user login, does it?

[amirhp]

yeah

[amirhp]

It does userAccountService.AuthenticateWithUsernameOrEmail(model.Username, model.Password, out account)

[amirhp]

so it use SamAuthenticationService

[brockallen]

That uses the ClaimTypes.Role claim type for IsInRole. If you're using IdentityManager, then it's adding the role with claim type "role".