Get list of users with assigned roles in asp.net identity 2.0

Question

I have a drop down list box which lists roles. I want to get the list of users having that role. I mean list of users that are in "Administrator" role or "CanEdit" role. Here is my code:

public IQueryable<Microsoft.AspNet.Identity.EntityFramework.IdentityUser> 
  GetRolesToUsers([Control] string ddlRole)
{    
  //ddlRole returns role Id, based on this Id I want to list users

  var _db = new ApplicationDbContext();
  IQueryable<Microsoft.AspNet.Identity.EntityFramework.IdentityUser> query = _db.Users;

  if (ddlRole != null)
  {
    //query = query.Where(e => e.Claims == ddlRole.Value);  ???????              
  }

  return query;
}

Please help.

Updated Code (still error)

public List<IdentityUserRole> GetRolesToUsers([Control]string ddlRole)
{

  var roleManager = 
   new RoleManager<IdentityRole>(new RoleStore<IdentityRole>(new ApplicationDbContext()));
  var users = roleManager.FindByName("Administrator").Users.ToList();
  return users;
}

Error: The Select Method must return one of "IQueryable" or "IEnumerable" or "Microsoft.AspNet.Identity.EntityFramework.IdentityUser" when ItemType is set to "Microsoft.AspNet.Identity.EntityFramework.IdentityUser".

I tried various castings but none of them helped.

UPDATE (working solution)

Thanks to chris544, his idea helped me to fix this. Here is working method:-

public List<ApplicationUser> GetRolesToUsers([Control]string ddlRole)
{
  var context = new ApplicationDbContext();
  var users =
    context.Users.Where(x => x.Roles.Select(y => y.RoleId).Contains(ddlRole)).ToList();

  return users;
}

Try Roles.GetUsersInRole(), you can get use default Role Provider API — Larry, May 23 '14 at 09:24
@Larry you mean [string[] u = Roles.GetUsersInRole(ddlRole)] or [_roleManager.Roles.GetUsersInRole(ddlRole)]. First produces "The Role Manager feature has not been enabled" error and second no definition for "GetUserInRole". How I should use Roles.GetUsersInRole()? — Abhimanyu, May 23 '14 at 09:47
Are you working on asp.net mvc 5? I'm currently working on 4. go to any action method and types "Roles" and it lives within "System.Web.Security" namespace. — Larry, May 23 '14 at 10:26

score 41 · Accepted Answer · edited Oct 03 '17 at 09:29

41

Not an expert, but ...

There seemed to be no built in funcionality for this in Identity and I could not get it work from built in Roles also (it seems to not work with claims based Identity).

So I ended up doing something like this:

var users = context.Users        
    .Where(x => x.Roles.Select(y => y.Id).Contains(roleId))
    .ToList();

x.Roles.Select(y => y.Id) gets a list of all role ids for user x
.Contains(roleId) checks if this list of ids contains necessary roleId

edited Oct 03 '17 at 09:29

Ashiquzzaman

5,129
3
27
38

answered May 25 '14 at 10:23

chris544

889
2
10
21

There was no built in functionality for this in Identity 1.0, but it was expected in 2.0 somewhere on web i read this. – Abhimanyu May 28 '14 at 06:21
Thanks chris544, your idea helped me to fix this. I updated the question and i'm sure it will help many devs. – Abhimanyu May 28 '14 at 06:31
Been looking for an hour or so for a simple implementation. FINALLY found it. Thanks! – Jacques Bronkhorst Oct 26 '14 at 11:10
1

If the `Id` of the role is not known, should use an instance of `RoleManager` first. – SepehrM Jun 15 '16 at 13:28
1

y.Id should be y.RoleId – Andrzej Martyna Sep 07 '17 at 09:28

score 13 · Answer 2 · edited Dec 02 '17 at 18:46

13

I find the role by the role name input. After, I find list users by id of the role.

public List<ApplicationUser> GetUsersInRole(string roleName)
{
 var roleManager = 
  new RoleManager<IdentityRole>(new RoleStore<IdentityRole>(new  ApplicationDbContext()));
 var role = roleManager.FindByName(roleName).Users.First();
 var usersInRole = 
  Users.Where(u => u.Roles.Select(r => r.RoleId).Contains(role.RoleId)).ToList();
 return usersInRole;
}

edited Dec 02 '17 at 18:46

Shimmy Weitzhandler

101,809
122
424
632

answered Nov 19 '14 at 17:04

Trieu Doan

149
1
3

Great answer Trieu. Provided reusable code in my opinion. Short, concise, and flat out works! – clockwiseq Jun 09 '16 at 13:29
I found out that @Trieu Doan was not corrent in my case, the code that worked was as following: ` var users = roleManager.FindByName(roleName).Users.Select(x => x.UserId); var usersInRole = Users.Where(u => users.Contains(u.Id));` – Bartek Wójcik Oct 29 '16 at 15:29

score 7 · Answer 3 · edited May 23 '17 at 10:31

7

If you want to avoid using the context directly you can use the RoleManager with the following snippet

roleManager.FindByName("Administrator").Users

or

roleManager.FindByName("CanEdit").Users

For a short discussion about this topic have a look at the this thread

edited May 23 '17 at 10:31

Community

1
1

answered May 25 '14 at 10:39

Horizon_Net

5,959
4
31
34

Thanks Horizon_Net..looks i'm very close to solution. Please check my updated code which produce error. – Abhimanyu May 28 '14 at 06:16
2

This returns a collection of `IdentityUserRole`s, not `ApplicationUser`s – SepehrM Jun 15 '16 at 13:20

score 4 · Answer 4 · edited Apr 17 '15 at 18:03

4

Using the RoleManager gives you this solution:

if(roleManager.RoleExists("CanEdit"))
{
    var idsWithPermission = roleManager.FindByName("CanEdit").Users.Select(iur => iur.Id);
    var users = db.Users.Where(u => idsWithPermission.Contains(u.Id));
}

I'd be interested to hear if this was better or worse than the other solutions here.

edited Apr 17 '15 at 18:03

Derek Hewitt

775
8
16

answered Oct 01 '14 at 13:02

Rob Church

6,783
3
41
46

The only change I would make would be to wrap the above in an if statement to check if role exists. if(roleManager.RoleExists("CanEdit") – Derek Hewitt Apr 17 '15 at 17:22
+1 Going to the RoleManager (e.g. role table) is a much better shortcut than numerous LINQ queries that ultimately produce lots of SQL. – Aaron Hudon Nov 23 '15 at 08:43

score 4 · Answer 5 · answered Oct 28 '14 at 20:20

There are three ways you can do it.

In the Controller current logged in user's role can be checked as follows,

  if(User.IsInRole("SysAdmin"))
        {

Outside Controller you can check whether a particular user belongs to a Role as follows:

 ApplicationUserManager UserManager = HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
        var roles = UserManager.GetRoles(userid);
        if (roles.Contains("SysAdmin"))
        {
        }

Do not forget to add namespace,

using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;

For some reasons like integration testing etc, you may directly want to use EF to find user's role as follows:

string userId = User.Identity.GetUserId();
        ApplicationDbContext db = new ApplicationDbContext();
        var role = (from r in db.Roles where r.Name.Contains("Admin") select r).FirstOrDefault();
        var users = db.Users.Where(x => x.Roles.Select(y => y.RoleId).Contains(role.Id)).ToList();
        if (users.Find(x => x.Id == userId) != null)
        {
            // User is in the Admin Role
        }

Hope it helps.

Thanks /dj @debug_mode

score 0 · Answer 6 · edited Feb 28 '17 at 13:48

Remove the .Email and add UserName or whatever was added to the ASPNetUsers for name.

private void AddAddminToMail(MailMessage message)
{
    var roles = db.Roles.Include(m => m.Users).Where(m => m.Name == "Admin").First();
    foreach (var user in roles.Users)
        {
            var id = user.UserId;
            var userEmail = db.Users.Find(id).Email;
            message.To.Add(userEmail);
        }      
}

score 0 · Answer 7 · answered Oct 29 '16 at 15:33

0

the code working for me was as following:

  var users = roleManager.FindByName(roleName).Users.Select(x => x.UserId);
  var usersInRole = Users.Where(u => users.Contains(u.Id));

answered Oct 29 '16 at 15:33

Bartek Wójcik

473
3
15

score 0 · Answer 8 · answered Jul 02 '18 at 19:43

Since bits like this tend to impact performance, I tried the other answers posted here and looked at the SQL they generated. This seems to be the most performant way of getting all the user's email addresses currently.

public void SendEmailToUsersInRole(string roleName)
{
    MailMessage message = new MailMessage();
    ...

    using (var usersDB = new ApplicationDbContext())
    {
        var roleId = 
            usersDB.Roles.First(x => x.Name == roleName).Id;

        IQueryable<string> emailQuery =
            usersDB.Users.Where(x => x.Roles.Any(y => y.RoleId == roleId))
                         .Select(x => x.Email);

        foreach (string email in emailQuery)
        {
            message.Bcc.Add(new MailAddress(email));
        }
    }

    ...
}

The SQL that it executes is shown below:

SELECT TOP (1) 
    [Extent1].[Id] AS [Id], 
    [Extent1].[Name] AS [Name]
    FROM [dbo].[AspNetRoles] AS [Extent1]
    WHERE N'Reviewer' = [Extent1].[Name]

SELECT 
    [Extent1].[Email] AS [Email]
    FROM [dbo].[AspNetUsers] AS [Extent1]
    WHERE  EXISTS (SELECT 
        1 AS [C1]
        FROM [dbo].[AspNetUserRoles] AS [Extent2]
        WHERE ([Extent1].[Id] = [Extent2].[UserId]) AND ([Extent2].[RoleId] = @p__linq__0)
    )


-- p__linq__0: '3' (Type = String, Size = 4000)

Get list of users with assigned roles in asp.net identity 2.0

8 Answers8

Linked