Search code examples
c#asp.netasp.net-mvcasp.net-membership

ASP.NET (MVC) Users, Roles and Users in Roles


I have had a mini-battle over the past two days and although I have solved it, its not in the way I expected.

ASP.NET 4.5 on Visual Studio 2013.
If you create a new project and fire it up for the first time, and register, everything is fine.

It creates a table called AspNetUsers and puts your in that table.

It also creates other tables (including - but not limited to) - AspNetRoles - stores roles - AspNetUserRoles - stores users in roles

So I used Database first to create Models and Controllers for all 3 tables so I can manage them from an interface (I know there used to be something built in to VS2010 but it seems to have disappeared - no worries as I learnt how to do DB first)

Problem is when I added a user to a role, the data showed in my database but when I tried to lockdown a controller method using the decorator:

[Authorize(Roles="admin")]
public string test() 
{
  return "hello";
}  

everything started to go pear shaped.

So I tested User.IsInRole("admin") and to my dismay it returned false!

So I went down the journey of web.config (this tells the role manager to point at my DefaultConnection (which I am using for everything)

<roleManager enabled="true" defaultProvider="SqlRoleManager">
  <providers>
    <add name="SqlRoleManager"
         type="System.Web.Security.SqlRoleProvider"
         connectionStringName="DefaultConnection"
         applicationName="ConferenceOrg" />
  </providers>
</roleManager>

Then in code I used:

string role = "admin";

if (!Roles.RoleExists(role))
{
  Roles.CreateRole(role);  
}
else
{
  string[] usrs = { User.Identity.Name };

  if (!User.IsInRole(role))  
  {
    Roles.AddUsersToRole(usrs, role);
  }
}

Initially this didn't work because a stored procedure didn't exist. So, I went to C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Tools\Shortcuts and fired up the Native Tools Cmd prompt (x86) and used that to add the stored procedures etc

Now the code above works but it has created a whole bunch of tables in addition to the original set.

enter image description here

The code creates the role in the new aspnet_roles table and it now creates my user in BOTH AspNetUsers and aspnet_users

So my next move is to just delete the tables I created with database first and redo it for the aspnet_ tables instead...

Not happy but it will work. Any thoughts on my situation?

Am I doing it right?


Solution

  • Your project is mixed with Legacy SQL Membership Provider and New ASP.Net Identity.

    You only need one Membership which is New ASP.Net Identity.

    In ASP.Net Identity, you do not need to configure any setting in web.config (except AppStartup for owin).

    How to Solve it

    Now your database is a mess. Since your application is new and no existing users, it is easily to recreate a new Application and new Database, and start all over again.

    Then make sure both User and Role are assigned to AspNetUserRoles table.