c# asp.net-web-api roleprovider

Custom RoleProvider with Windows Authentication in Web API


I have a WebAPI project in which I need to use Windows Authentication for the users but implement a custom Role Provider for the Authorize attributes above the routes. When I implement it, however, I always get {"Message":"Authorization has been denied for this request."} as the result for my call. Furthermore, none of my breakpoints ever trigger except for the one in the constructor of the custom Role Provider.

Controller

[Authorize(Roles = "Administrator")]
[RoutePrefix("api/Constituents")]
public class ConstituentsController : ApiController
{
    // Only callers in the "Administrator" role (as reported by the role provider) reach this action.
    [Route("Constituents")]
    [HttpGet]
    public IDataResponse<List<IConstituent>> GetConstituents()
    {
        return service.GetConstituent();
    }
}

Custom Role Provider

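using System.Linq;
using System.Web.Security;

public class CustomRoleProvider : RoleProvider
{
    public CustomRoleProvider()
    {
        this.UserRepo = new UserRepository();  //Breakpoint here triggers
        this.RoleRepo = new RoleRepository();
    }

    public override string[] GetRolesForUser(string username)
    {
        // Return an empty array, not null, when the user is unknown or has no roles.
        var roles = UserRepo.GetUser(username)?.Roles?.Select(r => r.Name).ToArray();
        return roles ?? new string[0];
    }

    public override bool IsUserInRole(string username, string roleName)
    {
        // An unknown user is in no role; avoid dereferencing a null user.
        var user = UserRepo.GetUser(username);
        return user?.Roles?.Select(r => r.Name).Contains(roleName) ?? false;
    }

    // Remaining abstract RoleProvider members are not shown in the question.
}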

Web Config

<authentication mode="Windows" />
<roleManager cacheRolesInCookie="false"
             defaultProvider="CustomRoleProvider"
             enabled="true">
  <providers>
    <clear />
    <add name="CustomRoleProvider"
         type="Data.CustomRoleProvider, Data" />
  </providers>
</roleManager>

What piece of the puzzle am I missing? I need to get the current user making the request and then check to see if they have the appropriate role in the database.

Thanks


Solution

  • By default, Visual Studio sets the Windows Authentication property on your project to Disabled. In the Properties pane (not the tab), you need to flip the property to Enabled. That should let you hit the breakpoints on your RoleProvider.

    [Screenshot: Setting Windows Authentication Property in Visual Studio]

    When you put your application on a server, you may have to perform a similar process in IIS to Enable Windows Authentication and Disable Anonymous Authentication.
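
The IIS side of the answer above, expressed as a web.config fragment. This is an added example, not part of the original answer; it assumes the two `system.webServer` authentication sections have been unlocked for the site, since IIS locks them at server level by default and rejects the file otherwise (the same two switches can be set in IIS Manager instead).

```xml
<configuration>
  <system.web>
    <!-- From the question: ASP.NET takes the caller's identity from IIS. -->
    <authentication mode="Windows" />
  </system.web>

  <system.webServer>
    <security>
      <authentication>
        <!-- While anonymous access is enabled, requests arrive without a
             Windows identity, so [Authorize] rejects them before any role
             is looked up. -->
        <anonymousAuthentication enabled="false" />

        <!-- IIS negotiates Windows credentials and passes the authenticated
             user name on to the role provider. -->
        <windowsAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>
</configuration>
```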