Roles available with Windows Authentication

Question

I'm trying to add Roles authentication to an Action in a Controller in an ASP.NET MVC application. The code looks something like this:

[Authorize(Roles = "SomeRoleName")]
public ActionResult Index()
{
    bool inRole = User.IsInRole("Admin");

If I remove the Authorize attribute and put a breakpoint on the last line in that code sample, is there a way that I can inspect the objects and find out what roles are available?

e.g. I call User.IsInRole("Admin) in the Immediate window and it will give me a true/false value. How can I access the collection of roles available?

Answer 1

Add this to your web.config under system.web:

<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"/>

Then you can use:

string[] arr = Roles.GetRolesForUser(User.Identity.Name);

or:

string[] arr = Roles.GetRolesForUser();

Answer 2

If you don't need to do this programatically, but you are trying to determine the correct Windows Groups/Roles that need to be specified, you can use this from the command line:

C:\> net group /domain  (lists all Roles in the domain)
C:\> net user <username> /domain (lists info, including roles for a user)

Otherwise you will need to query the LDAP part of Active Directory, or use something under DirectoryServices.

Take a look at these websites to access Active Directory via C#:

• Howto: (Almost) Everything In Active Directory via C# - Codeproject
• User Management with Active Directory

Answer 3

I'm guessing you aren't using a role provider here, but falling back on the underlying functionality of WindowsPrincipal where the roles map to the user's groups. Anyhow, I don't think one can do more than enumerate the windows groups available on that machine/in that domain. Not sure if this helps, but that's all I can say without having an idea of what you are trying to do with said roles list.

Answer 4

You can use the various methods on the RoleProvider class in System.Web.Security.Roles.Provider.

See this for more: Role Provider