Is Roles.IsUserInRole behaving as expected in the following simple scenario?

In the custom role provider (inheriting from RoleProvider) in .NET 2.0, the IsUserInRole method was hardcoded to always return true:

public override bool IsUserInRole(string username, string roleName) { return true; } 

In an ASP.NET application configured to use this role provider, the following code returns true (as expected):

 Roles.IsUserInRole("any username", "any rolename"); // results in true 

However, the following code returns false:

 Roles.IsUserInRole("any rolename"); // results in false 

Note that User.IsInRole("any rolename") also returns false.

  • Is this expected behavior?
  • Is it wrong to assume that the overload that accepts only the role name will still call the overridden IsUserInRole?

Update: Note that for the version that takes a single string, there does not seem to be an override available, which led to my assumption in #2.

+3
3 answers

I looked at Roles.IsUserInRole(string rolename) in .NET Reflector and it resolves to the following:

 public static bool IsUserInRole(string roleName) { return IsUserInRole(GetCurrentUserName(), roleName); } 

I would look at your current user. Here's why:

    private static string GetCurrentUserName()
    {
        IPrincipal currentUser = GetCurrentUser();
        if ((currentUser != null) && (currentUser.Identity != null))
        {
            return currentUser.Identity.Name;
        }
        return string.Empty;
    }

I would argue that this returns an empty string because you either do not have a current user, or its name is an empty string or null.

The IsUserInRole(string username, string roleName) method has the following code block at the beginning of the code:

  if (username.Length < 1) { return false; } 

If your GetCurrentUserName() does not return anything meaningful, then it will return false before it calls your overridden method.

The moral to take away: Reflector is a great tool :)

+3
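
A stand-alone model of the call path described in the answer above, added here as an example (not code from the post or from ASP.NET itself). `RolesModel`, `AlwaysTrueProvider` and the use of `Thread.CurrentPrincipal` in place of `GetCurrentUser()` are assumptions made for illustration; the principals are constructed sample input.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

// Stand-in for the question's custom provider: always answers true and counts calls.
class AlwaysTrueProvider
{
    public int Calls;
    public bool IsUserInRole(string username, string roleName) { Calls++; return true; }
}

// Hypothetical model of the Roles facade, following the decompiled code quoted above.
static class RolesModel
{
    public static AlwaysTrueProvider Provider = new AlwaysTrueProvider();

    static string GetCurrentUserName()
    {
        IPrincipal user = Thread.CurrentPrincipal; // assumption: stands in for GetCurrentUser()
        return (user != null && user.Identity != null) ? user.Identity.Name : string.Empty;
    }

    public static bool IsUserInRole(string roleName) { return IsUserInRole(GetCurrentUserName(), roleName); }

    public static bool IsUserInRole(string username, string roleName)
    {
        if (username.Length < 1) { return false; } // fails closed before the provider is consulted
        return Provider.IsUserInRole(username, roleName);
    }
}

static class Program
{
    // Sets the current principal, calls the single-argument overload, reports whether the provider ran.
    static void Check(string label, IPrincipal principal)
    {
        Thread.CurrentPrincipal = principal;
        int before = RolesModel.Provider.Calls;
        bool result = RolesModel.IsUserInRole("any rolename");
        Console.WriteLine("{0}: result={1}, provider called={2}", label, result, RolesModel.Provider.Calls > before);
    }

    static void Main()
    {
        // Constructed principals: an unauthenticated request and a logged-in user.
        Check("anonymous", new GenericPrincipal(new GenericIdentity(string.Empty), new string[0]));
        Check("alice", new GenericPrincipal(new GenericIdentity("alice"), new string[0]));
    }
}
```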

Also be careful if you set cacheRolesInCookie="true" in the roleManager configuration. If you add a new role to the database, it may look at the cached version in the cookie.

I had this problem and the solution was to delete the cookie and re-register.

0

It may help someone to know:

If you use the login control for authentication, the username entered in the control becomes HttpContext.Current.User.Identity.Name, which is used in Roles.IsUserInRole(string name), and more specifically, in the membership's GetUser(). Therefore, if this is the case, be sure to handle the Authenticate event, check the user in this method and set the username to a value that your membership provider can use.

    protected void crtlLoginUserLogin_Authenticate(object sender, AuthenticateEventArgs e)
    {
        bool blnAuthenticate = false;
        string strUserName = crtlLoginUserLogin.UserName;
        if (IsValidEmail(strUserName))
        {
            // if more than one user has email address - must authenticate by username.
            MembershipUserCollection users = Membership.FindUsersByEmail(strUserName);
            if (users.Count > 1)
            {
                crtlLoginUserLogin.FailureText = "We are unable to determine which account is registered to that email address. Please enter your Username to login.";
            }
            else
            {
                strUserName = Membership.GetUserNameByEmail(strUserName);
                blnAuthenticate = Membership.ValidateUser(strUserName, crtlLoginUserLogin.Password);
                // setting the userLogin to the correct user name (only on successful authentication)
                if (blnAuthenticate)
                {
                    crtlLoginUserLogin.UserName = strUserName;
                }
            }
        }
        else
        {
            blnAuthenticate = Membership.ValidateUser(strUserName, crtlLoginUserLogin.Password);
        }
        e.Authenticated = blnAuthenticate;
    }

0