I have been having trouble with using roles based Authentication in my project.
I have set-up some roles and linked them to a user.
This works:
[Authorize]
public class UsersController : Controller
{}
If I am not logged in it asks me to login.
However If I change it to:
[Authorize(Roles = "ManageUsers")]
public class UsersController : Controller
{}
And I try access it from the user with that role It asks me to login.
So I did some goggling and I found this post: Link and they suggested to add:
<roleManager enabled="true" defaultProvider="AspNetSqlRoleProvider">
<providers>
<clear />
<add name="AspNetSqlRoleProvider" connectionStringName="DefaultConnection" applicationName="/" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</roleManager>
In my web config. Which I did and it then allowed me to access the controller. But I noticed that it let me access the controller if I was in that role or not.
I am using Cookies Authentication for my project. So I think that I am getting confused between the different types of authentication.
public void ConfigureAuth(IAppBuilder app)
{
// Enable the application to use a cookie to store information for the signed in user
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
ExpireTimeSpan = TimeSpan.FromMinutes(5),
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login")
});
So I need some advice on where to go from here:
I simply want to make use of the roles which is implemented by the default project, I have populated the database etc. I just cant get my filters working.