How to integrate IdentityServer v3/v4 into MVC to manage user Roles and Claims?

In ASP.NET 2005 (v2 timeframe) there was a web-based tool called ASP.NET Website Administration tool that folks could use the edit users and generally administer the ASP.NET Membership database. This useful tool was removed in 2012 and is still missed.

http://www.hanselman.com/blog/ThinktectureIdentityManagerAsAReplacementForTheASPNETWebSiteAdministrationTool.aspx

edited- To integrate custom roles into my MVC application the right version was not server, need to use the IdentityManager

https://github.com/IdentityManager/IdentityManager.AspNetIdentity

Compile the solution. In Web.config modify the to the working SQL database. In my case I already had some aspIdentity tables that had to be deleted so Entity could create new ones. Now this identity manager code should run and work to create users, set Roles and Claims and save to the Table.

Now the goal is to match up the database Table and the Authentication scheme, so that some other new MVC project will look for its Roles here. The IdentityManager software, for now, will be a utility to set the roles.

In the MVC application go to Tools, NuGet, look for 'identitymanager', there should be 3 beta files. Get the identitymanager and the aspIdentity. Project will also need Owin (but I had this installed already). Modify Startup.cs:

       Public partial class Startup
       {
         public void Configuration(IAppBuilder app)
         {
                ConfigureAuth(app);

                app.Map("/idm", idm =>
                {
                    var factory = new IdentityManagerServiceFactory();
                    factory.IdentityManagerService = new Registration<IIdentityManagerService, ApplicationIdentityManagerService>();
                    factory.Register(new IdentityManager.Configuration.Registration<ApplicationUserManager>());
                    factory.Register(new IdentityManager.Configuration.Registration<ApplicationUserStore>());
                    factory.Register(new IdentityManager.Configuration.Registration<ApplicationDbContext>());
                    factory.Register(new IdentityManager.Configuration.Registration<ApplicationRoleManager>());
                    factory.Register(new IdentityManager.Configuration.Registration<ApplicationRoleStore>());

                    idm.UseIdentityManager(new IdentityManagerOptions
                    {
                        Factory = factory
                    });
                });
            }
        }

And create these classes,

                 public class ApplicationUserStore : UserStore<ApplicationUser>
          {
              public ApplicationUserStore(ApplicationDbContext ctx)
                  : base(ctx)
              {

              }

          }
          //  public class ApplicationRole :

          public class ApplicationRoleStore : RoleStore<IdentityRole>
          {
              public ApplicationRoleStore(ApplicationDbContext ctx)

                  : base(ctx)
              {
              }


          }

          public class ApplicationRoleManager : RoleManager<IdentityRole>
          {
              public ApplicationRoleManager(ApplicationRoleStore roleStore)
                  : base(roleStore)
              {

              }
          }

          public class ApplicationIdentityManagerService : AspNetIdentityManagerService<ApplicationUser, string, IdentityRole, string>
          {
              public ApplicationIdentityManagerService(ApplicationUserManager userMgr, ApplicationRoleManager roleMgr)
                  : base(userMgr, roleMgr)
              {

              }
          }

Then in IdentityConfig.cs modify the ApplicationUserManager class

        // Configure the application user manager used in this application. UserManager is defined in ASP.NET Identity and is used by the application.
        public class ApplicationUserManager : UserManager<ApplicationUser>
        {
          //  public ApplicationUserManager(IUserStore<ApplicationUser> store)


            public ApplicationUserManager(ApplicationUserStore store)
                : base(store)
            {
            }

            public static ApplicationUserManager Create(IdentityFactoryOptions<ApplicationUserManager> options, IOwinContext context) 
            {
               // var manager = new ApplicationUserManager(new UserStore<ApplicationUser>(context.Get<ApplicationDbContext>()));
                var manager = new ApplicationUserManager(new ApplicationUserStore(context.Get<ApplicationDbContext>()));

The ConfigureAuth method:

 public void ConfigureAuth(IAppBuilder app)
    {
        // Configure the db context, user manager and signin manager to use a single instance per request
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
        app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

        // Enable the application to use a cookie to store information for the signed in user
        // and to use a cookie to temporarily store information about a user logging in with a third party login provider
        // Configure the sign in cookie
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.  
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        });            
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
        app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));

        // Enables the application to remember the second login verification factor such as phone or email.
        // Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
        // This is similar to the RememberMe option when you log in.
        app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);

        // Uncomment the following lines to enable logging in with third party login providers
        //app.UseMicrosoftAccountAuthentication(
        //    clientId: "",
        //    clientSecret: "");

        //app.UseTwitterAuthentication(
        //   consumerKey: "",
        //   consumerSecret: "");

        //app.UseFacebookAuthentication(
        //   appId: "",
        //   appSecret: "");

        //app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
        //{
        //    ClientId = "",
        //    ClientSecret = ""
        //});
    }

At this point, the utility points to the same SQL path as the running MVC application. The "Authentication" should be shared and should work in the MVC app. If I created my user account, created a Role called Finance? Then go back and edit the user, and add the new Role called Finance, and in the MVC controller put:

     [Authorize(Roles ="Finance")]

The Role was made by the utility, stored in the SQL, then my MVC is hopefully going to see, use, get or apply this Role and only let my user account be authorized.

Right now, it will not authorize, and sends the browser back to the login, have to assume its because of a failed authorization.

So close but what could make this not work?