GenericPrincipal roles not available in MVC views

StackOverflow https://stackoverflow.com/questions/13089361

  •  14-07-2021
  •  | 
  •  

Question

In our MVC app, we're by-passing the RolesProvider in favor of just caching our roles in a cookie that will be passed around. Following several suggestions around the interwebs, we're leveraging the Application_AuthenticateRequest event, like so:

    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        var user = HttpContext.Current.User;
        if (user == null || !user.Identity.IsAuthenticated)
        {
            return;
        }

        // read the roles from the cookie and set a custom generic principal
        var fi = (FormsIdentity)HttpContext.Current.User.Identity;
        var httpCookie = HttpContext.Current.Request.Cookies["Roles"]; // custom cookie set during authentication
        if (httpCookie != null)
        {
            string rolesCookie = httpCookie.Value;
            var pmUserRoles = rolesCookie.Split(',');
            GenericPrincipal gp = new GenericPrincipal(fi, pmUserRoles);
            HttpContext.Current.User = gp;
        }
    }

I'm stepped through that method and threw in a couple conditionals with some of our roles, and immediately after the current User is set, User.IsInRole("rolename") works like a charm.

But then, when trying to make the same call in a view:

@if(Request.IsAuthenticated)
{
    if (User.IsInRole("role1") || User.IsInRole("role2"))
    {
        <!-- show something -->
    }
    else if (User.IsInRole("role3"))
    {
        <!-- show something else -->
    }
}

The roles can't be accessed. When I dig into the User at this point, it looks like the roles don't even exist, right after I confirmed that the User has them at the end of the AuthenticateRequest event.

This question has similar problems, I was going to just comment there but I guess I can't because of my low rep - but it looks like this isn't just an issue with me.

I also looked at this question which has a similar approach, but this is giving me the same result.

Any suggestions or comments on what's going on?

Was it helpful?

Solution

I finally found the answer to this, using the Application_OnPostAuthenticateRequest handler instead of Application_AuthenticateRequest.

Courtesy of this answer (which was surprisingly not the accepted one in that thread!). Thanks to Tiago Matias!

OTHER TIPS

Try HttpContext.Current.User.IsInRole instead of User.IsInRole.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top