I have an MVC 4 web application with Entity Framework 5.

I've been trying to implement Authorization for roles with entirely different types of access, but wanted to use my own DB structure. I've written custom Membership and Role providers, and implemented them.

I don't think I've managed to implement these providers correctly, or haven't properly disabled the simplemembership.

When I apply the [Authorize(Roles = "Admin")] attribute to a Controller, I get the following error message:

Server Error in '/' Application. Could not find stored procedure 'dbo.aspnet_CheckSchemaVersion'.

All I want to do is check that the authenticated user is in the Admin role before allowing any access to the panel.

My Web.config:

<system.web>
  <roleManager enabled="true" defaultProvider="CustomRoleProvider" cacheRolesInCookie="true">
    <providers>
      <clear />
      <add name="CustomRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="DefaultConnection" applicationName="CostaPropertyServices" />
    </providers>
  </roleManager>

My CustomRoleProvider:

namespace CostaPropertyServices.Models
{
    public class CustomRoleProvider : RoleProvider
    {
        .... // Code skipped for brevity
        public override string[] GetRolesForUser(string username)
        {
            using (var db = new PropertyInfoEntities())
            {
                var user = db.Users.SingleOrDefault(u => u.Username == username);
                if (user == null)
                    return new string[] { };
                return user.Roles == null ? new string[] { } :
                  user.Roles.Select(u => u.Name).ToArray();
            }
        }

        public override string[] GetUsersInRole(string roleName)
        {
            throw new NotImplementedException();
        }

        public override bool IsUserInRole(string username, string roleName)
        {
            using (var db = new PropertyInfoEntities())
            {
                var user = db.Users.SingleOrDefault(u => u.Username == username);
                if (user == null)
                    return false;
                return user.Roles != null && user.Roles.Any(r => r.Name == roleName);
            }
        }

Does anyone know what I'm doing wrong? Thankyou.

EDIT:

I'm thinking the problem is that I haven't wired up the Membership provider correctly since finding this similar question, but cannot find where I've gone wrong.

2

There are 2 answers

1
Win On BEST ANSWER

According to your web.config file, you are not using custom role provider.

Type should be type="CostaPropertyServices.Models.CustomRoleProvider, CostaPropertyServices"

<system.web>
  <roleManager enabled="true" defaultProvider="CustomRoleProvider" 
      cacheRolesInCookie="true">
    <providers>
      <clear />
      <add name="CustomRoleProvider" 
           type="CostaPropertyServices.Models.CustomRoleProvider" 
           connectionStringName="DefaultConnection" 
           applicationName="CostaPropertyServices" />
    </providers>
  </roleManager>
0
Serj Sagan On

If you've implemented the new ASP.NET Identity then what you're looking for is:

var roleManager = new RoleManager<IdentityRole>(new RoleStore<IdentityRole>(new ApplicationDbContext()));