I'm using the built-in authentication/authorization system where the ApplicationUser needs to log in and once authenticated, he is signed in with the SignInManager.

I also have a different user, CustomUser, which extends ApplicationUser. The CustomUser is authenticated via an external service. Once he is authenticated, I check if he exists; if not, I create him and give him the CustomRole.

How can I keep that CustomUser authorized? I would like to be able to place the [Authorize(Roles="CustomRole")] attribute above the actions where he should be allowed. Is that possible? What would I need to do to make that work? Or is there a better way?

EDIT

Here's the implementation of CustomUser. It is located under Application.Models.

public class CustomUser : ApplicationUser
{
    public int Gender { get; set; }

    public string FCode { get; set; }

    public bool Subscribed { get; set; }
}

This is a simplified version of CustomUser.

joks

2 Answers

You should be able to do something like below for role:

[Authorize(Roles = "CustomRole")]
public ActionResult CustomRoleOnly()
{
    return View();
}

or if it was for Users

[Authorize(Users = "JoeBloggs, JaneDoe")]
public ActionResult SpecificUserOnly()
{
    return View();
}

Ctrl_Alt_Defeat

If you want to Authorize by Role, you need to Create Roles using:

userManager.AddToRole(user.Id, "NameOfRole");

You can create a Register action like below; any registered user would belong to one Role. You can create another Role for Manager and update specific users later on, for example.

using (var context = new ApplicationDbContext())
{
    if (ModelState.IsValid)
    {
        var user = new ApplicationUser { UserName = model.Email, Email = model.Email };
        var result = await UserManager.CreateAsync(user, model.Password);

        if (result.Succeeded)
        {
            // Adding a role after register. The role must exist before a user
            // can be added to it, so create it on first use.
            var roleStore = new RoleStore<IdentityRole>(context);
            var roleManager = new RoleManager<IdentityRole>(roleStore);
            if (!roleManager.RoleExists("SimpleUser"))
            {
                roleManager.Create(new IdentityRole("SimpleUser"));
            }

            var userStore = new UserStore<ApplicationUser>(context);
            var userManager = new UserManager<ApplicationUser>(userStore);
            userManager.AddToRole(user.Id, "SimpleUser");

            // Sign in after the role has been assigned: the cookie identity is
            // built from the user's claims at this point, so it now carries the role.
            await SignInManager.SignInAsync(user, isPersistent: false, rememberBrowser: false);

            // For more information on how to enable account confirmation and password reset please visit http://go.microsoft.com/fwlink/?LinkID=320771
            // Send an email with this link
            // string code = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);
            // var callbackUrl = Url.Action("ConfirmEmail", "Account", new { userId = user.Id, code = code }, protocol: Request.Url.Scheme);
            // await UserManager.SendEmailAsync(user.Id, "Confirm your account", "Please confirm your account by clicking <a href=\"" + callbackUrl + "\">here</a>");

            return RedirectToAction("Index", "Home");
        }
        AddErrors(result);
    }
}

Then on your Authorize Attribute you can use Roles to Authorize.

[Authorize(Roles = "Manager, SimpleUser, ...")]

Masoud Andalibi
  • The problem is that the SignInManager only accepts ApplicationUser, not the extended CustomUser. I've managed to create the CustomUser and add to the correct role but now I need to be able to "sign him in" or in some way tell the system which user is using the system, if that makes sense? So is it possible to get an instance of SignInManager that can sign him in? – joks Feb 16 '17 at 15:11
  • @joks is your CustomUser implemented by `IdentityUser`? – Masoud Andalibi Feb 16 '17 at 15:15
  • @joks look at this article mate, you do not need to create a model for a custom user, you can use ApplicationUser; if you want to give it extra properties you can add them to its class like this article: http://stackoverflow.com/questions/28335353/how-to-extend-available-properties-of-user-identity – Masoud Andalibi Feb 16 '17 at 15:18
  • I just edited the post to show how I created the CustomUser. I have seen this post you recommended and have also used that to add fields to the ApplicationUser. But in the case of CustomUser, I will have a lot of them and just didn't want to "crowd" the ApplicationUser with all those properties. But perhaps that doesn't even matter since it's all stored in the same table? – joks Feb 16 '17 at 15:36
  • @joks mate, you need to have one `ApplicationUser` and many `Roles`. I recommend using what I linked above; since they are all stored in the same table, it's useless creating a new class inherited from `ApplicationUser`. – Masoud Andalibi Feb 16 '17 at 17:30
  • Until I see the argument for an extended user over just one I agree with you :) Thanks for your help. – joks Feb 16 '17 at 23:16
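A sign-in flow for the externally authenticated user the question describes, following the comment thread's advice to keep a single ApplicationUser plus a role rather than a derived user type. This is an added example, not code from the question or either answer; it assumes the stock ASP.NET MVC 5 / Identity 2.x template (ApplicationUser, ApplicationDbContext, and the AccountController's UserManager, SignInManager, AuthenticationManager, AddErrors and RedirectToLocal members) and replaces the template's own ExternalLoginCallback action.

```csharp
using System.Threading.Tasks;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.AspNet.Identity.Owin;

// Goes into the MVC 5 template's AccountController, which already defines
// UserManager, SignInManager, AuthenticationManager, AddErrors and RedirectToLocal.
[AllowAnonymous]
public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
{
    const string customRole = "CustomRole";
    // Trust only the identity the provider handed back through the external
    // cookie; never take a user id or e-mail from the query string.
    var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
    if (loginInfo == null)
    {
        return RedirectToAction("Login");
    }

    // Is this external login already linked to a local ApplicationUser?
    var user = await UserManager.FindAsync(loginInfo.Login);
    if (user == null)
    {
        // First visit: create the local account (no password) and link the external login.
        user = new ApplicationUser { UserName = loginInfo.Email, Email = loginInfo.Email };
        var created = await UserManager.CreateAsync(user);
        if (!created.Succeeded) { AddErrors(created); return View("Login"); }
        var linked = await UserManager.AddLoginAsync(user.Id, loginInfo.Login);
        if (!linked.Succeeded) { AddErrors(linked); return View("Login"); }
    }

    // The role must exist before anyone can be added to it.
    var roleManager = new RoleManager<IdentityRole>(
        new RoleStore<IdentityRole>(new ApplicationDbContext()));
    if (!await roleManager.RoleExistsAsync(customRole))
    {
        await roleManager.CreateAsync(new IdentityRole(customRole));
    }
    if (!await UserManager.IsInRoleAsync(user.Id, customRole))
    {
        await UserManager.AddToRoleAsync(user.Id, customRole);
    }

    // Sign in last: the application cookie is built from the user's claims at
    // this moment, so the role claim [Authorize(Roles = "CustomRole")] checks is in it.
    await SignInManager.SignInAsync(user, isPersistent: false, rememberBrowser: false);
    return RedirectToLocal(returnUrl);
}
```

If the provider does not return an e-mail address, CreateAsync fails the user-name validation and AddErrors surfaces that on the login view instead of creating a nameless account.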