Alright, after much digging and lucky discovery - it turns out that Microsoft.AspNet.Identity.Core comes with a few other interfaces, in particular, IUserRoleStore<TUser> and IUserPasswordStore<TUser> which both "inherit"(implement) IUserStore<TUser>.
So if we wanted role management capabilities, we implement IUserRoleStore<TUser>:
class MyUser : IUser
{
// Additional properties and functions not shown for brevity.
}
class MyUserStore : IUserRoleStore<MyUser>
{
public bool IsInRole(string username, string role)
{
// Implementation not show for brevity.
}
/* We would then implement the rest of the required functions.
We would have a data context here that has access to users,
user-roles, and roles.
*/
}
Now we can pass MyUserStore to UserManager<TUser>, because MyUserStore is an IUserRoleStore<TUser>, which is an IUserStore<TUser>:
UserManager<MyUser> UM = new UserManager<MyUser>(new MyUserStore());
I suspect, then, that the source code for UserManager<TUser> uses reflection to find out whether the store passed into it at constructor implements one of IUserStore<TUserStore>'s "child interfaces", in order to be able to perform role checks (if it implements IUserRoleStore<TUser>) or password set/reset (if it implements IUserPasswordStore<TUser>).
I hope you find this useful because most documentation (MVC tutorials and such) don't tell us this detail. They tell us to use the UserStore<TUser> implementation of Microsoft.AspNet.Identity.EntityFramework - where all we have to do is pass in a custom User object (that implements IUser) and we're good to go.
