
I have an ASP.NET MVC4 application project. I also added WebApi to my project by creating an ApiController. The case is that in Controller descendants both statements return true, but in ApiController descendants the first statement is false, while the second returns true:

    bool booool1 = User.IsInRole("Radiolog");
    bool booool2 = Roles.IsUserInRole(User.Identity.Name, "Radiolog");

Here is my web.config configuration:

    <add key="enableSimpleMembership" value="false" />
    <add key="autoFormsAuthentication" value="false" />
    ...
        <roleManager cacheRolesInCookie="true" defaultProvider="CustomRoleProvider" enabled="true">
          <providers>
            <clear />
            <add name="CustomRoleProvider" type="RisSystem.Services.CustomRoleProvider" />
          </providers>
        </roleManager>
        ...
        <authentication mode="Forms">
          <forms loginUrl="~/Account/Login" timeout="2880" />
        </authentication>

I also noticed that in ApiController [Authorize] is working well, but [Authorize(Roles="")] never lets the methods be invoked. In ApiController methods I am authenticating with: client.DefaultRequestHeaders.Authorization = new BasicAuthenticationHeaderValue(login, password); and with FormsAuthentication in the standard Controller.

Authentication for WebApi is set in WebApiConfig.cs, in the Register(HttpConfiguration config) function:

        var authConfig = new AuthenticationConfiguration();
        authConfig.AddBasicAuthentication((userName, password) => AuthenticationService.ValidateUser(userName, password));
        config.MessageHandlers.Add(new AuthenticationHandler(authConfig));