tugberkugurlu
commented
10 years ago If roles are stored as claims this should be anyway implemented in the store
I tried this but that introduced another problem. The default implementation of the IClaimsIdentityFactory<TUser> which is ClaimsIdentityFactory<TUser> adds the roles to the identity as you can see from the code:
public virtual async Task<ClaimsIdentity> CreateAsync(UserManager<TUser> manager, TUser user, string authenticationType)
{
if (manager == null)
{
throw new ArgumentNullException("manager");
}
if (user == null)
{
throw new ArgumentNullException("user");
}
ClaimsIdentity claimsIdentity = new ClaimsIdentity(authenticationType, this.UserNameClaimType, this.RoleClaimType);
claimsIdentity.AddClaim(new Claim(this.UserIdClaimType, user.Id, "http://www.w3.org/2001/XMLSchema#string"));
claimsIdentity.AddClaim(new Claim(this.UserNameClaimType, user.UserName, "http://www.w3.org/2001/XMLSchema#string"));
claimsIdentity.AddClaim(new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "ASP.NET Identity", "http://www.w3.org/2001/XMLSchema#string"));
if (manager.SupportsUserRole)
{
IList<string> list = await manager.GetRolesAsync(user.Id);
foreach (string current in list)
{
claimsIdentity.AddClaim(new Claim(this.RoleClaimType, current, "http://www.w3.org/2001/XMLSchema#string"));
}
}
if (manager.SupportsUserClaim)
{
claimsIdentity.AddClaims(await manager.GetClaimsAsync(user.Id));
}
return claimsIdentity;
}So, if you implement it, you should store the roles separately in order to avoid confusion as I cannot expect for everybody to implement a custom IClaimsIdentityFactory<TUser>.
Closing the issue right now. Do let me know if you have a suggestion.
Thanks!
If roles are stored as claims this should be anyway implemented in the store, currently this method throws exception with message Store does not implement IUserRoleStore.