Roles.GetRolesForUser unavailable in custom authorization attirbute

Question

I'm trying to implement my own custom attribute where I have to fetch all roles for current user like this:

public class CustomRoleAuthorization: System.Web.Mvc.AuthorizeAttribute
    {

   public override void OnAuthorization(AuthorizationContext filterContext)
        {
            base.OnAuthorization(filterContext);
            if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
            {
                filterContext.Result = new RedirectResult("~/Login");
                return;
            }
            var requiredRoles = Roles.Split(Convert.ToChar(",")).ToList();

            var userRoles = Roles.GetRolesForUser(filterContext.HttpContext.User.Identity.Name);

            foreach (var item in requiredRoles)
            {
                if (!filterContext.HttpContext.User.IsInRole(item))
                {
                    filterContext.Result = new RedirectResult("~/Index/Index");
                    return;
                }
            }

        }
}

But for some reason this line doesn't works:

 var userRoles = Roles.GetRolesForUser(filterContext.HttpContext.User.Identity.Name);

It says that the Roles property is a string and that it doesn't contains a method GetRolesForUser?

How can I add this extension method to my project so that I can get all user roles from identity upon loging in ??

@Stephen this is how I set the roles upon login:

 if (user.PasswordHash == PasswordSecurity.CreatePasswordHash(model.Password, user.PasswordSalt))
 {
  ClaimsIdentity identity = new ClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie);
 identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, model.Email));
  List<Claim> claims = new List<Claim>();
 var roles = user.UserRoles.Where(x=>x.Active==true).ToList();
 foreach (var item in roles)
 {
   claims.Add(new Claim(ClaimTypes.Role, item.Roles.RoleName));
  }
 identity.AddClaims(claims);
 identity.AddClaim(new Claim(ClaimTypes.Name, model.Email));
 AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = true, ExpiresUtc = DateTimeOffset.UtcNow.AddHours(3) }, identity);
 return Json("ok");
 }

score 1 · Accepted Answer · answered Jul 25 '17 at 10:51

1

AuthorizeAttribute contains a public string Roles { get; set; } property (refer documentation) so you need to use the fully qualified name

var userRoles = System.Web.Security.Roles.GetRolesForUser(...

or you can create an alias for the assembly name

answered Jul 25 '17 at 10:51

Hey Stephen, thanks a lot for the reply! By the way I did what you just wrote, and as a result I'm getting: {string[0]}? Looks like I don't set the roles properly or ... ? – User987 Jul 25 '17 at 10:53
1

It suggests you have no roles for the current logged-in user (but not sure if there could be other reasons why it might return an empty array. – Jul 25 '17 at 10:56
I've edited my question with how I add the user roles – User987 Jul 25 '17 at 10:58
1

Your using `ClaimsIdentity` and I think there is different code for getting all roles (give me 10 min to check) – Jul 25 '17 at 11:03
okay thanks a lot, i've been knocking my head against the wall for past few hours to figure this out , and no clue yet xD – User987 Jul 25 '17 at 11:05
1

Check the answers to [asp.net identity get all roles of logged in user](https://stackoverflow.com/questions/21688928/asp-net-identity-get-all-roles-of-logged-in-user) – Jul 25 '17 at 11:06
Ahh this is it, right away u nailed it ! :D Thanks a lot ! – User987 Jul 25 '17 at 11:09

Roles.GetRolesForUser unavailable in custom authorization attirbute

1 Answers1