How to create roles in ASP NET Core and assign them to users

Question

I am using the ASP NET Core default website template and have the authentication selected as  quot Individual User Accounts quot   How can I create roles and assign it to users so that I can use the roles in a controller to filter access

User · Answer

I use this  DI    public class IdentitySeed       private readonly ApplicationDbContext  context      private readonly UserManager lt ApplicationUser gt   userManager      private readonly RoleManager lt ApplicationRole gt   rolesManager      private readonly ILogger  logger       public IdentitySeed          ApplicationDbContext context          UserManager lt ApplicationUser gt  userManager          RoleManager lt ApplicationRole gt  roleManager           ILoggerFactory loggerFactory             context   context           userManager   userManager           rolesManager   roleManager           logger   loggerFactory CreateLogger lt IdentitySeed gt                public async Task CreateRoles             if  await  context Roles AnyAsync        not waste time              logger LogInformation  Exists Roles                 return                    var adminRole    Admin           var roleNames   new String     adminRole   Manager    Crew    Guest    Designer              foreach  var roleName in roleNames                var role   await  rolesManager RoleExistsAsync roleName               if   role                    var result   await  rolesManager CreateAsync new ApplicationRole   Name   roleName                                         logger LogInformation  Create  0    1    roleName  result Succeeded                                      administrator         var user   new ApplicationUser               UserName    Administrator               Email    something something com               EmailConfirmed   true                    var i   await  userManager FindByEmailAsync user Email           if  i    null                var adminUser   await  userManager CreateAsync user   Something                 if  adminUser Succeeded                    await  userManager AddToRoleAsync user  adminRole                                       logger LogInformation  Create  0    user UserName                                         By  Luis Harvey Triana Vega

User · Answer

In Configure method declare your role manager  Startup  public void Configure IApplicationBuilder app  IWebHostEnvironment env  RoleManager lt IdentityRole gt  roleManager                if  env IsDevelopment                          app UseDeveloperExceptionPage                       app UseHttpsRedirection             app UseRouting             app UseAuthorization             app UseEndpoints endpoints   gt                        endpoints MapControllers                         Task Run     gt this CreateRoles roleManager   Wait                private async Task CreateRoles RoleManager lt IdentityRole gt  roleManager                foreach  string rol in this Configuration GetSection  quot Roles quot   Get lt List lt string gt  gt                           if   await roleManager RoleExistsAsync rol                                 await roleManager CreateAsync new IdentityRole rol                                   OPTIONAL - In appsettings JSON  it depends on you where you wanna get roles from     quot Roles quot      quot SuperAdmin quot    quot Admin quot    quot Employee quot    quot Customer quot

User · Answer

The following code will work ISA       public void Configure IApplicationBuilder app  IHostingEnvironment env  ILoggerFactory loggerFactory           IServiceProvider serviceProvider                loggerFactory AddConsole Configuration GetSection  Logging             loggerFactory AddDebug             if  env IsDevelopment                          app UseDeveloperExceptionPage                app UseDatabaseErrorPage                app UseBrowserLink                      else                       app UseExceptionHandler   Home Error                       app UseStaticFiles             app UseIdentity                Add external authentication middleware below  To configure them please see https   go microsoft com fwlink  LinkID 532715          app UseMvc routes   gt                        routes MapRoute                  name   default                   template    controller Home   action Index   id                           CreateRolesAndAdminUser serviceProvider              private static void CreateRolesAndAdminUser IServiceProvider serviceProvider                const string adminRoleName    Administrator           string   roleNames     adminRoleName   Manager    Member              foreach  string roleName in roleNames                        CreateRole serviceProvider  roleName                         Get these value from  appsettings json  file          string adminUserEmail    someone22 somewhere com           string adminPwd     AStrongP1 ssword            AddUserToRole serviceProvider  adminUserEmail  adminPwd  adminRoleName                   lt summary gt          Create a role if not exists           lt  summary gt           lt param name  serviceProvider  gt Service Provider lt  param gt           lt param name  roleName  gt Role Name lt  param gt      private static void CreateRole IServiceProvider serviceProvider  string roleName                var roleManager   serviceProvider GetRequiredService lt RoleManager lt IdentityRole gt  gt              Task lt bool gt  roleExists   roleManager RoleExistsAsync roleName           roleExists Wait             if   roleExists Result                        Task lt IdentityResult gt  roleResult   roleManager CreateAsync new IdentityRole roleName                roleResult Wait                              lt summary gt          Add user to a role if the user exists  otherwise  create the user and adds him to the role           lt  summary gt           lt param name  serviceProvider  gt Service Provider lt  param gt           lt param name  userEmail  gt User Email lt  param gt           lt param name  userPwd  gt User Password  Used to create the user if not exists  lt  param gt           lt param name  roleName  gt Role Name lt  param gt      private static void AddUserToRole IServiceProvider serviceProvider  string userEmail           string userPwd  string roleName                var userManager   serviceProvider GetRequiredService lt UserManager lt ApplicationUser gt  gt              Task lt ApplicationUser gt  checkAppUser   userManager FindByEmailAsync userEmail           checkAppUser Wait             ApplicationUser appUser   checkAppUser Result           if  checkAppUser Result    null                        ApplicationUser newAppUser   new ApplicationUser                               Email   userEmail                  UserName   userEmail                             Task lt IdentityResult gt  taskCreateAppUser   userManager CreateAsync newAppUser  userPwd               taskCreateAppUser Wait                 if  taskCreateAppUser Result Succeeded                                appUser   newAppUser                                   Task lt IdentityResult gt  newUserRole   userManager AddToRoleAsync appUser  roleName           newUserRole Wait

User · Answer

Temi s answer is nearly correct  but you cannot call an asynchronous function from a non asynchronous function like he is suggesting   What you need to do is make asynchronous calls in a synchronous function like so        public void Configure IApplicationBuilder app  IHostingEnvironment env  ILoggerFactory loggerFactory  IServiceProvider serviceProvider                loggerFactory AddConsole Configuration GetSection  Logging             loggerFactory AddDebug             if  env IsDevelopment                          app UseDeveloperExceptionPage                app UseDatabaseErrorPage                app UseBrowserLink                      else                       app UseExceptionHandler   Home Error                       app UseStaticFiles             app UseIdentity                Add external authentication middleware below  To configure them please see https   go microsoft com fwlink  LinkID 532715          app UseMvc routes   gt                        routes MapRoute                  name   default                   template    controller Home   action Index   id                           CreateRoles serviceProvider               private void CreateRoles IServiceProvider serviceProvider                 var roleManager   serviceProvider GetRequiredService lt RoleManager lt IdentityRole gt  gt             var userManager   serviceProvider GetRequiredService lt UserManager lt ApplicationUser gt  gt             Task lt IdentityResult gt  roleResult          string email    someone somewhere com              Check that there is an Administrator role and create if not         Task lt bool gt  hasAdminRole   roleManager RoleExistsAsync  Administrator            hasAdminRole Wait             if   hasAdminRole Result                        roleResult   roleManager CreateAsync new IdentityRole  Administrator                 roleResult Wait                         Check if the admin user exists and create it if not           Add to the Administrator role          Task lt ApplicationUser gt  testUser   userManager FindByEmailAsync email           testUser Wait             if  testUser Result    null                        ApplicationUser administrator   new ApplicationUser                administrator Email   email              administrator UserName   email               Task lt IdentityResult gt  newUser   userManager CreateAsync administrator    AStrongP ssword                 newUser Wait                 if  newUser Result Succeeded                                Task lt IdentityResult gt  newUserRole   userManager AddToRoleAsync administrator   Administrator                    newUserRole Wait                                     The key to this is the use of the Task lt   class and forcing the system to wait in a slightly different way in a synchronous way

User · Answer

Update in 2020  Here is another way if you prefer    IdentityResult res   new IdentityResult     var  role   new IdentityRole      role Name   role RoleName    res   await  roleManager CreateAsync  role     if   res Succeeded              foreach  IdentityError er in res Errors                         ModelState AddModelError string Empty  er Description                       ViewBag UserMessage    Error Adding Role            return View          else             ViewBag UserMessage    Role Added           return View

User · Answer

My comment was deleted because I provided a link to a similar question I answered here  Ergo  I ll answer it more descriptively this time  Here goes   You could do this easily by creating a CreateRoles method in your startup class  This helps check if the roles are created  and creates the roles if they aren t  on application startup   Like so   private async Task CreateRoles IServiceProvider serviceProvider                  initializing custom roles          var RoleManager   serviceProvider GetRequiredService lt RoleManager lt IdentityRole gt  gt             var UserManager   serviceProvider GetRequiredService lt UserManager lt ApplicationUser gt  gt             string   roleNames      Admin    Manager    Member             IdentityResult roleResult           foreach  var roleName in roleNames                        var roleExist   await RoleManager RoleExistsAsync roleName               if   roleExist                                  create the roles and seed them to the database  Question 1                 roleResult   await RoleManager CreateAsync new IdentityRole roleName                                       Here you could create a super user who will maintain the web app         var poweruser   new ApplicationUser                        UserName   Configuration  AppSettings UserName                Email   Configuration  AppSettings UserEmail                     Ensure you have these values in your appsettings json file         string userPWD   Configuration  AppSettings UserPassword            var  user   await UserManager FindByEmailAsync Configuration  AppSettings AdminUserEmail             if  user    null                       var createPowerUser   await UserManager CreateAsync poweruser  userPWD               if  createPowerUser Succeeded                                  here we tie the new user to the role                 await UserManager AddToRoleAsync poweruser   Admin                                    and then you could call the CreateRoles serviceProvider  Wait    method from the Configure method in the Startup class   ensure you have IServiceProvider as a parameter in the Configure class   Using role-based authorization in a controller to filter user access  Question 2  You can do this easily  like so    Authorize Roles  Manager    public class ManageController   Controller                 You can also use role-based authorization in the action method like so  Assign multiple roles  if you will   Authorize Roles  Admin  Manager    public IActionResult Index                        While this works fine  for a much better practice  you might want to read about using policy based role checks  You can find it on the ASP NET core documentation here  or this article I wrote about it here

User · Answer

I have created an action in the Accounts controller that calls a function to create the roles and assign the Admin role to the default user   You should probably remove the default user in production       private async Task CreateRolesandUsers                   bool x   await  roleManager RoleExistsAsync  quot Admin quot            if   x                           first we create Admin rool                 var role   new IdentityRole                role Name    quot Admin quot               await  roleManager CreateAsync role                  Here we create a Admin super user who will maintain the website                                 var user   new ApplicationUser                user UserName    quot default quot               user Email    quot default default com quot                string userPWD    quot somepassword quot                IdentityResult chkUser   await  userManager CreateAsync user  userPWD                  Add default User to Role Admin                 if  chkUser Succeeded                                var result1   await  userManager AddToRoleAsync user   quot Admin quot                                        creating Creating Manager role              x   await  roleManager RoleExistsAsync  quot Manager quot            if   x                        var role   new IdentityRole                role Name    quot Manager quot               await  roleManager CreateAsync role                         creating Creating Employee role              x   await  roleManager RoleExistsAsync  quot Employee quot            if   x                        var role   new IdentityRole                role Name    quot Employee quot               await  roleManager CreateAsync role                  After you could create a controller to manage roles for the users

User · Answer

In addition to Temi Lajumoke s answer  it s worth noting that after creating the required roles and assigning them to specific users in ASP NET Core 2 1 MVC Web Application  after launching the application  you may encounter a method error  such as registering or managing an account      InvalidOperationException  Unable to resolve service for type    Microsoft AspNetCore Identity UI Services IEmailSender  while   attempting to activate    WebApplication Areas Identity Pages Account Manage IndexModel     A similar error can be quickly corrected in the ConfigureServices method by adding the AddDefaultUI   method   services AddIdentity lt IdentityUser  IdentityRole gt      services AddDefaultIdentity lt IdentityUser gt         AddEntityFrameworkStores lt ApplicationDbContext gt             AddDefaultUI            AddDefaultTokenProviders      Check    https   blogs msdn microsoft com webdev 2018 03 02 aspnetcore-2-1-identity-ui    and  related topic on github     https   github com aspnet Docs issues 6784 for more information   And for assigning role to specific user could be used IdentityUser class instead of ApplicationUser

[c#] How to create roles in ASP.NET Core and assign them to users?

Examples related to c#

Examples related to asp.net

Examples related to asp.net-mvc

Examples related to asp.net-core

Examples related to asp.net-identity-3