How to use Roles in ASP.NET Core 2.1?

Question

I\'ve created a test project using:

dotnet new razor --auth Individual --output Test

This creates a Startup.cs that contains:

p         


        

Answer 1

Might help someone else: If you add asp.net identity through scaffolding to an existing project, you'll need to edit the IdentityHostingStartup.cs and change the services there instead of in your startup class:

services.AddIdentity<AppUser, IdentityRole>()
                .AddDefaultUI()
                .AddRoles<IdentityRole>()
                .AddRoleManager<RoleManager<IdentityRole>>()
                .AddDefaultTokenProviders()
                .AddEntityFrameworkStores<authContext>();

And then you can use the role manager in your seeding.

Answer 2

It seems that finally Microsoft understood that not every application needs roles and separated them.

Notice that AddDefaultIdentity is declared as:

public static IdentityBuilder AddDefaultIdentity<TUser>(this IServiceCollection services) where TUser : class;

So, you can continue to configure Identity options through that IdentityBuilder. What you want to do is:

services.AddDefaultIdentity<IdentityUser>().AddRoles<IdentityRole>();

Fortunately, they also removed the IUser and IRole constrains, so now you can use models in a completely separate assembly without having to install hundreds of NuGet packages.

Answer 3

Starting in .Net Core 2.1, AddDefaultIdentity is the same as calling:

• AddIdentity
• AddDefaultUI
• AddDefaultTokenProviders

To add role functionality, go to Startup.cs under ConfigureServices you can use .AddRoles like so:

services.AddDefaultIdentity<IdentityUser>()
    .AddRoles<IdentityRole>()            //<-- This line
    .AddEntityFrameworkStores<ApplicationDbContext>();

That's all that is needed. It is crucial to logout and login again.

For the record (and just to test), I tried services.AddIdentity:

IServiceCollection does not contain a defintion for 'AddIdentity'...

and services.AddIdentityCore (no error until Debug and displaying the page):

InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action configureOptions).

There may be more you can do to get the latter two working, but the code I posted for AddDefaultIdentity is all I needed in order to get User.IsInRole and other role functionality working in .NET Core 2.1 (and 3.1).

Answer 4

In addition to the answers already provided, despite adding .AddRoles<Identity>(), I still could not get Authorization when use Authorize(Roles = "Administrator") on my controllers. For some reason,the "role claim doesn't seem to affect IsUserInRole or AuthorizeAttribute with a role name."

To make use of roles I would suggest that one use the ASP.NET 2.0 way like below:

services.AddIdentity<IdentityUser, IdentityRole>()
            .AddDefaultUI()
            .AddDefaultTokenProviders()
            .AddEntityFrameworkStores<ApplicationDbContext>();

This way, you get to use your roles and also get the Identity pages scaffolded for you.

Refer to this issue on aspnet github: Issue 1813

Answer 5

I also fought with this problem a while ago. I couldn't make roles to work.

In my project I used ASP.NET Core 2.1 (it could be fixed in 2.2, see link) and also scaffolded some pages.

After long searches on the internet I found this solution (which is also mentioned above in Issue 1813)

The solution was for me (as proposed in the article) to add the following line with IUserClaimsPrincipalFactory:

        services.AddScoped<IUserClaimsPrincipalFactory<IdentityUser>, 
            UserClaimsPrincipalFactory<IdentityUser, IdentityRole>>();

        services.AddDefaultIdentity<IdentityUser>()
            .AddRoles<IdentityRole>()
            .AddRoleManager<RoleManager<IdentityRole>>()
            .AddDefaultTokenProviders()
            .AddEntityFrameworkStores<TranslatorDbContext>();