locked
AspNetUserRoles RRS feed

  • Question

  • User-309523270 posted

    Hi,

    I manually changed the UserRole for my user login to have read-write access on the back-end(changing AspNetUserRoles table).

    However, even after changing, the Screen / View still gives me only read-write access.  I checked the values and the role value reflect what is in the database.

    Here is the code:

    UserRoles.cs
    ============
        public static class UserRoles
        {
            public const string NON_SYSTEM_USER = "Non-System User";
            public const string NON_SYSTEM_USER_CODE = "0";

            public const string READ_ONLY_USER = "Read-Only User";
            public const string READ_ONLY_USER_CODE = "1";

            public const string TOOLROOM_CLERK = "Toolroom Clerk";
            public const string TOOLROOM_CLERK_CODE = "2";

            public const string TOOLROOM_ADMIN = "Toolroom Administrator";
            public const string TOOLROOM_ADMIN_CODE = "3";

            public const string SYSTEM_ADMIN = "System Administrator";
            public const string SYSTEM_ADMIN_CODE = "4";

            public const string ALLOW_INPUT = TOOLROOM_CLERK + "," + TOOLROOM_ADMIN + "," + SYSTEM_ADMIN;
            public const string ALLOW_INPUT_CODES = TOOLROOM_CLERK_CODE + "," + TOOLROOM_ADMIN_CODE + "," + SYSTEM_ADMIN_CODE;

            public const string ADMIN = TOOLROOM_ADMIN + "," + SYSTEM_ADMIN;
            public const string ADMIN_CODES = TOOLROOM_ADMIN_CODE + "," + SYSTEM_ADMIN_CODE;

        }

    view
    =====

                                @if (User.IsInRole(UserRoles.ALLOW_INPUT))
                                {
                                    <a class="dropdown-item" asp-controller="Receive" asp-action="Create">Add Received</a>
                                }

    debug mode
    ==========

    value when tracing (same as the database):

    [3] = {http://schemas.microsoft.com/ws/2008/06/identity/claims/role: Toolroom Clerk}

    Please advise.

    Thanks,

    tinac99

    Wednesday, December 11, 2019 10:09 PM

Answers

  • User475983607 posted

    Roles are cached.  Did you log out then log in again?  Otherwise, you have a bug in your code and need to troubleshoot.

    Ah, this will not work.

    public const string ALLOW_INPUT = TOOLROOM_CLERK + "," + TOOLROOM_ADMIN + "," + SYSTEM_ADMIN;

    User.IsInRole does NOT take a comma separated list.  Not sure where you came up with this but the doc cover how IsInRole works.  You'll need to change the design.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, December 11, 2019 10:25 PM
  • User-719153870 posted

    Hi tinac99,

    public const string ALLOW_INPUT = TOOLROOM_CLERK + "," + TOOLROOM_ADMIN + "," + SYSTEM_ADMIN;

    @if (User.IsInRole(UserRoles.ALLOW_INPUT))
                                {
                                    <a class="dropdown-item" asp-controller="Receive" asp-action="Create">Add Received</a>
                                }

    What you are trying to do is to use User.IsInRole Method to check multiple roles, as you can see in the document, the string you set as the parameter must be the existing records in your AspNetRoles table. This means the ALLOW_INPUT in your code which is comma concatenated( TOOLROOM_CLERK + "," + TOOLROOM_ADMIN + "," + SYSTEM_ADMIN ) can not be recognized as the correct record you can find in your table.

    The workaround we can provide is to use AND(&&) or OR(||) to modify your if condition. You can refer to User.IsInRole multiple? and Multiple roles in 'User.IsInRole'.

    In your case:

    @if (User.IsInRole(UserRoles.TOOLROOM_CLERK) && User.IsInRole(UserRoles. TOOLROOM_ADMIN) && User.IsInRole(UserRoles. SYSTEM_ADMIN))
    {
      <a class="dropdown-item" asp-controller="Receive" asp-action="Create">Add Received</a>
    }

    Please give it a try and if you met any more problem or i misunderstood anything, please feel free to tell.

    Best Regard,

    Yang Shen

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, December 12, 2019 6:50 AM

All replies

  • User475983607 posted

    Roles are cached.  Did you log out then log in again?  Otherwise, you have a bug in your code and need to troubleshoot.

    Ah, this will not work.

    public const string ALLOW_INPUT = TOOLROOM_CLERK + "," + TOOLROOM_ADMIN + "," + SYSTEM_ADMIN;

    User.IsInRole does NOT take a comma separated list.  Not sure where you came up with this but the doc cover how IsInRole works.  You'll need to change the design.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, December 11, 2019 10:25 PM
  • User-719153870 posted

    Hi tinac99,

    public const string ALLOW_INPUT = TOOLROOM_CLERK + "," + TOOLROOM_ADMIN + "," + SYSTEM_ADMIN;

    @if (User.IsInRole(UserRoles.ALLOW_INPUT))
                                {
                                    <a class="dropdown-item" asp-controller="Receive" asp-action="Create">Add Received</a>
                                }

    What you are trying to do is to use User.IsInRole Method to check multiple roles, as you can see in the document, the string you set as the parameter must be the existing records in your AspNetRoles table. This means the ALLOW_INPUT in your code which is comma concatenated( TOOLROOM_CLERK + "," + TOOLROOM_ADMIN + "," + SYSTEM_ADMIN ) can not be recognized as the correct record you can find in your table.

    The workaround we can provide is to use AND(&&) or OR(||) to modify your if condition. You can refer to User.IsInRole multiple? and Multiple roles in 'User.IsInRole'.

    In your case:

    @if (User.IsInRole(UserRoles.TOOLROOM_CLERK) && User.IsInRole(UserRoles. TOOLROOM_ADMIN) && User.IsInRole(UserRoles. SYSTEM_ADMIN))
    {
      <a class="dropdown-item" asp-controller="Receive" asp-action="Create">Add Received</a>
    }

    Please give it a try and if you met any more problem or i misunderstood anything, please feel free to tell.

    Best Regard,

    Yang Shen

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, December 12, 2019 6:50 AM
  • User-1780421697 posted

    if you want to associate the privileges like CRUD of an entity to role then you need to use ASPNetRoleClaims where you need to get privileges of a role.

    Thursday, December 12, 2019 11:37 AM