I am migrating applications from the ASP.NET MVC 5 framework to the new .NET Core 2.1.
I used Windows Authentication with a Custom RoleProvider in the MVC 5 Projects as shown in the link below.
ASP.NET MVC How to create a custom role provider
How do I accomplish the same in Core 2.1 as it does not seem to contain RoleProvider capability?
Every example I come across uses Individual Accounts with IdentityUser and IdentityRole.
My custom tables for User and Roles :
/// <summary>
/// Custom user table row. <see cref="Logon"/> holds the user's Active Directory
/// username and <see cref="UserRoles"/> links the user to roles.
/// </summary>
public class User
{
    /// <summary>Primary key of the user row.</summary>
    [Key]
    public string Id { get; set; }

    /// <summary>The user's Active Directory username (required, at most 50 characters).</summary>
    [Required]
    [StringLength(50)]
    public string Logon { get; set; }

    /// <summary>
    /// Whether the account is active.
    /// NOTE(review): presumably an inactive user should be granted no roles; whatever
    /// resolves roles for authorization must check this flag — confirm.
    /// </summary>
    public bool Active { get; set; }

    /// <summary>Role links for this user; starts out as an empty set.</summary>
    public ICollection<UserRole> UserRoles { get; set; } = new HashSet<UserRole>();
}
/// <summary>
/// Custom role table row. <see cref="Name"/> is the role name and
/// <see cref="UserRoles"/> links the role to users.
/// </summary>
public class Role
{
    /// <summary>Primary key of the role row.</summary>
    [Key]
    public string Id { get; set; }

    /// <summary>Role name.</summary>
    public string Name { get; set; }

    /// <summary>User links for this role; starts out as an empty set.</summary>
    public ICollection<UserRole> UserRoles { get; set; } = new HashSet<UserRole>();
}
Edit:
I've added a CustomClaimsPrincipal which goes like:
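/// <summary>
/// A <see cref="ClaimsPrincipal"/> whose <see cref="IsInRole"/> answers from the
/// Identity tables in <see cref="ApplicationDbContext"/> instead of from role claims.
/// </summary>
/// <remarks>
/// An instance created through this constructor carries no identities of its own.
/// ASP.NET Core builds <c>HttpContext.User</c> in the authentication handler and does
/// not resolve <see cref="ClaimsPrincipal"/> from the DI container, so registering this
/// type as a service does not route <c>[Authorize(Roles = ...)]</c> through this override.
/// </remarks>
public class CustomClaimsPrincipal : ClaimsPrincipal
{
    private readonly ApplicationDbContext _context;

    /// <summary>Stores the database context used for the role lookup.</summary>
    /// <param name="context">Context exposing the Users, Roles and UserRoles sets.</param>
    public CustomClaimsPrincipal(ApplicationDbContext context)
    {
        _context = context;
    }

    /// <summary>
    /// Reports whether the current user holds <paramref name="role"/> according to the database.
    /// Every path that cannot positively confirm membership returns <c>false</c> (fail closed).
    /// </summary>
    /// <param name="role">Role name to test; compared case-insensitively.</param>
    /// <returns><c>true</c> only when a matching role row is linked to the current user.</returns>
    public override bool IsInRole(string role)
    {
        // A null or empty role name can never be granted.
        if (string.IsNullOrEmpty(role))
        {
            return false;
        }

        // ClaimsPrincipal.Current is not populated by ASP.NET Core, so it (or its
        // Identity) can be null here; deny instead of throwing NullReferenceException.
        var currentUser = ClaimsPrincipal.Current?.Identity?.Name;
        if (string.IsNullOrEmpty(currentUser))
        {
            return false;
        }

        // Account and role names are identifiers used for an authorization decision:
        // compare them ordinally so the result does not depend on the thread's culture.
        // NOTE(review): depending on the EF Core version, this Equals overload may be
        // evaluated on the client or rejected by the provider — confirm.
        IdentityUser user = _context.Users.FirstOrDefault(
            u => u.UserName.Equals(currentUser, StringComparison.OrdinalIgnoreCase));

        // Decide on "unknown user" before anything reads user.Id.
        if (user == null)
        {
            return false;
        }

        var userId = user.Id;

        // Fetch only this user's role names, then compare them in memory.
        var roleNames = (from ur in _context.UserRoles
                         join r in _context.Roles on ur.RoleId equals r.Id
                         where ur.UserId == userId
                         select r.Name).ToList();

        return roleNames.Any(name => string.Equals(name, role, StringComparison.OrdinalIgnoreCase));
    }
}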
and added to Startup.cs
// Registers ASP.NET Core Identity backed by the Entity Framework stores.
// NOTE(review): AddIdentity also sets cookie-based schemes as the default
// authentication schemes; with Windows Authentication confirm that is intended.
services
    .AddIdentity<ApplicationUser, IdentityRole>()
    .AddEntityFrameworkStores<ApplicationDbContext>();

// Affects only code that asks the container for a ClaimsPrincipal. HttpContext.User
// is created by the authentication handler, not resolved from DI, so User.IsInRole
// and [Authorize(Roles = ...)] do not reach CustomClaimsPrincipal.IsInRole.
services.AddScoped<ClaimsPrincipal, CustomClaimsPrincipal>();
But it still seems to call the base ClaimsPrincipal.IsInRole implementation instead of my override, which I believe is why I'm getting the error message "The trust relationship between the primary domain and the trusted domain failed."
Best Answer
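I had the same problem. The solutions given in the post weren't helpful, but the comments pointed me in the right direction: you need to add role claims to your ClaimsPrincipal, because role-based authorization checks the claims on the authenticated principal rather than a ClaimsPrincipal registered in the DI container.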
Step 1: Create a ClaimsTransformer (a class implementing IClaimsTransformation). Replace the hard-coded "Admin" and add a separate role claim for each role you fetch from your database for the authenticated user.
Step 2: Add your ClaimsTransformer to the ConfigureServices method of Startup.cs
Step 3: You can now add role-based authorization attributes to your controllers.