0

In the debugger, if I dig into the User object, I can see the current member's UserData property, ((System.Web.Security.FormsIdentity)(User.Identity)).Ticket.UserData, has "admin" in it.

User.Identity.IsAuthenticated works, User.IsInRole("admin") returns false.

If "admin" is in the UserData property, shouldn't User.IsInRole("admin") return true?

Update

I set the FormsAuthenticationTicket like so:

public static string CreateEncryptedTicket(string username, string roles, DateTime expireAt, bool isPersistent = true) {
    var ticket = new FormsAuthenticationTicket(1, username, DateTime.Now, expireAt, isPersistent, roles, FormsAuthentication.FormsCookiePath);
    return FormsAuthentication.Encrypt(ticket);
}

then (where roles is a comma separated list of roles the member is in):

var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, MemberService.CreateEncryptedTicket(member.Id, roles, expireDate));
HttpContext.Response.Cookies.Add(cookie);
Chaddeus
  • 13,134
  • 29
  • 104
  • 162
  • Are you using and have set up a **Role Provider** in `web.config` file? – balexandre Aug 16 '12 at 13:48
  • Actually, no... just checked. Is there a way to use the RoleManager without a SQL provider? I use RavenDb for this project... just want to be able to use `User.IsInRole("admin")` to check if a user is in the admin role... – Chaddeus Aug 16 '12 at 13:55
  • you can implement your own RoleProvider, check my answer, I say a bit about it: http://stackoverflow.com/a/5702000/28004 You should implement your own Providers using your custom db... even though I use SQL most of the times, I always use my own providers. – balexandre Aug 16 '12 at 14:00

1 Answers1

0

What do you see if you list the User's roles like this?

public ActionResult ShowUserRoles() {
    string[] roles = Roles.GetRolesForUser();
    // Just hover your mouse over roles above since you're debugging...
    return View(roles); // This view probably doesn't exist.
}
Tom Chantler
  • 14,753
  • 4
  • 48
  • 53