Hello,
I have just created my custom Role Provider in an MVC4 project I'm working on. I have created the custom implementation, and set it up in web.config. However, when debugging the website, I can see that it's never called. The [Authorize(Roles="Admin")] call makes the browser ask for login details 3 times, then I get a 401 error. During this process, the code never enters my custom role provider.
Now normally, I would assume my code is incorrect somehow, but it turns out, the problem is actually with IIS. When debugging the project using the ASP Development Server, the code enters my custom role provider just fine, and it all works as intended. It's only when running off my local IIS 7.5, or IIS Express from visual studio, that the problem happens. It seems as if IIS is simply ignoring my code and using some personal provider.
Here's the relevant code (non relevant stuff has been cut out), but obviously the code should be fine since it works perfectly in ASP Development Server:
Web.Config:
<system.web><authentication mode="Windows" /><roleManager cacheRolesInCookie="true" defaultProvider="CustomRoleProvider" enabled="true"><providers><clear /><add name="CustomRoleProvider" type="LSA.Models.Security.LSARoleProvider" /></providers></roleManager></system.web>
Implementation:
public class LSARoleProvider : RoleProvider { public override string[] GetRolesForUser(string username) { using (LSAEntities db = new LSAEntities()) { username = username.ToLower().Replace("domain\\",""); AppUser user = db.AppUsers.FirstOrDefault(u => u.NTName.Equals(username, StringComparison.CurrentCultureIgnoreCase)); if (user != null) return new string[] { user.Role }; else return new string[] { }; } } public override bool IsUserInRole(string username, string roleName) { return GetRolesForUser(username).Contains(roleName); } }
Please give me some pointers how I can tell IIS to stop ignoring my web.config and start using my custom provider.