2

I am trying to lock down our "admin" page to only admins using Asp.net Identity (we are building in MVC5). I can get [Authorize(Users="admin")] to work but can not get [Authorize(Roles="Admin")] to work.

I have created the role in the dbo.AspNetRoles table and then associated the account in the AspNetUserRoles by pairing the user GUID to the ID in the aspnetroles table.

I have seen in previous editions of MVC you have had to get into web.config to add some lines. Can anyone help point me in the right direction?

Improve this question

1 Answer 1

Reset to default
1

Have you specified in the web.config that you are going to use roles?

 <roleManager enabled="true" defaultProvider="AspNetSqlRoleProvider"> <providers> <clear /> <add name="AspNetSqlRoleProvider" connectionStringName="DefaultConnection" applicationName="/" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </providers> </roleManager>
Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

you need to add this right, it isn't currently there for you to modify, correct?
@RefractedPaladin Sometimes it is, sometimes it isn't depending on what project type created the file.
This answer will not help if you are using ASP.NET Identity, which is what MVC 5 uses out of the box.
Using ASP.NET Identity and MVC 5, the roles are stored in the cookie by default. You may need to log off and log in again to update the roles for the user.
@seanwoodward: What if I've to give an admin interface to assign and de-assign roles to users, specifically using ASP.NET Identity in MVC 5?
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.