Want to set some role based dependencies (Ioc, Ninject). But after a successful login the role of the user is unknown. Where and when to apply the injection? Can I force the initialization of roles? Or do I have to fetch them myself?
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginModel model, string returnUrl)
{
if (ModelState.IsValid && WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe))
{
DoRolebasedObjectBinding(model.UserName); // THIS IS THE WRONG PLACE!
return RedirectToLocal(returnUrl);
}
// If we got this far, something failed, redisplay form
ModelState.AddModelError("", "The user name or password provided is incorrect.");
return View(model);
}
The applicatin starts with the HomeContoller (no role set), after the succesful login the appllication is redirected to de HomeController (see standard code above) and now the role is set... One trick is to force the roles to be initialized in the HomeController by adding all roles or an addtional "common" role
public class HomeController : Controller
{
[Authorize(Roles = "Common")]
public ActionResult Index()
{
DoRolebasedObjectBinding(User.Identity.Name);
But this forces a login an also forces the HomeController as a start point. Hopefully is an "elegant" place to call my DoRolebasedObjectBinding.
Based on Role based authentication in the new MVC 4 Internet template, the answer is rather simple: do it yourself:
var roles = Roles.Provider;
string[] rolesArr = roles.GetRolesForUser(username);