0
votes

I'm using ASP.NET Identity with ADFS 2.0 (I think).

Users log in at a separate server, come back to me, I check the ClaimsPrincipal and pull out the userID claim, then use that ID to retrieve the user.

So I'm only using ADFS/claims-based auth to get the user object; after that, I have things like usergroups and roles, but they are custom objects and I manage them in the application rather than using ADFS to manage them.

What I want to know is: How hard is it to use my custom database roles with the out-of-the-box role stuff? Specifically, I want to be able to use the Role("RoleName") attribute on controllers, and wrap some UI elements in User.IsInRole("RoleName") on the views to control user access.

What do I have to do to wire this up?


1 Answer

3
votes

I'm not aware of any Role attribute. Do you mean Authorize("RoleName") attribute?

Adding a role claim that is compatible with IPrincipal.IsInRole and AuthorizeAttribute as a consequence is very easy. Just add a claim with the type ClaimTypes.Role:

using System.Security.Claims;

// When creating a new identity, pass the role claims to the constructor
var identity = new ClaimsIdentity(new Claim[] {
    new Claim(ClaimTypes.Role, "MyRole1"),
    new Claim(ClaimTypes.Role, "MyRole2")
});

// Add a role claim to an existing identity
identity.AddClaim(new Claim(ClaimTypes.Role, "MyRole3"));

Then in your controller, add the AuthorizeAttribute:

[Authorize(Roles = "MyRole1")]
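An added example, not part of the answer above: one way to turn roles stored in the application's own database into ClaimTypes.Role claims after sign-in, so that IsInRole and the Authorize attribute see them. The helper name WithApplicationRoles, the in-memory RoleStore standing in for the database, and the use of ClaimTypes.NameIdentifier as the user ID claim are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

static class RoleClaimsDemo
{
    // Constructed stand-in for the application's role table: user ID -> role names.
    static readonly Dictionary<string, string[]> RoleStore = new Dictionary<string, string[]>
    {
        { "42", new[] { "MyRole1", "MyRole2" } }
    };

    // Hypothetical helper: rebuilds the principal with role claims taken from the application's store.
    public static ClaimsPrincipal WithApplicationRoles(ClaimsPrincipal incoming)
    {
        var source = incoming.Identity as ClaimsIdentity;
        // Assumption: the user ID arrives as a NameIdentifier claim.
        string userId = source?.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (userId == null) return incoming; // no usable user ID claim: add nothing

        // Drop role claims that arrived in the token, so only roles managed in the application count.
        var claims = source.Claims.Where(c => c.Type != ClaimTypes.Role).ToList();

        string[] roles;
        if (RoleStore.TryGetValue(userId, out roles))
            claims.AddRange(roles.Select(r => new Claim(ClaimTypes.Role, r)));

        // Name ClaimTypes.Role as the role claim type explicitly; IsInRole compares against it.
        var identity = new ClaimsIdentity(claims, source.AuthenticationType,
                                          source.NameClaimType, ClaimTypes.Role);
        return new ClaimsPrincipal(identity);
    }

    static void Main()
    {
        // Constructed sample of what arrives after sign-in: a user ID plus a role claim from the token.
        var incoming = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, "42"),
            new Claim(ClaimTypes.Role, "TokenSuppliedRole")
        }, "Federation"));

        ClaimsPrincipal user = WithApplicationRoles(incoming);
        Console.WriteLine(user.IsInRole("MyRole1"));           // role from the application store
        Console.WriteLine(user.IsInRole("MyRole3"));           // role the user does not hold
        Console.WriteLine(user.IsInRole("TokenSuppliedRole")); // role claim that came with the token
    }
}
```

Where the helper is called depends on the sign-in pipeline in use, which the question does not specify; the resulting principal has to be the one the framework exposes as User on later requests.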