The MappedRole virtual role exposes a Roles property. So you can use IVirtualRoleRepository.TryGetRole then cast the result to the EPiServer.Security.MappedRole type then access the Roles property. 

I'm curious to know why you would want to do this though? As a developer you configure the application therefore configure the roles attribute so should know the roles without having to do a programmatic lookup?

we are using external identity provider but have to handle permissions and roles in episerver.. 

Example i would like to have role for one of the sites that can edit and get access to cms

<add name="Site1Editors" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebEditors" mode="Any" />

Just from looking at the role i dont know what that role is and if i should add some others claims needed to enter the edit mode.. 

Also i found that by adding user to Site1Editors does not add them automatically to WebEditors, so questions is if i have to add them manually to WebEditors?.. they cant access edit mode without being in WebEditors or Site1Editors be added to the edit path of cms.. i thought roles="WebEditors" did just that but looks like it does not.. 

Maybe im not on the right way here.. 
 

Hi

I think you might have gotten the config backwards. The config line you mentioned above will add a new virtual role called Site1Editors. And in order to be part of that role the user needs to be part of the role WebEditors.

I wonder if the thing you want to do is this

<add name="CmsEditors" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebEditors, Site1Editors" mode="Any" />

That will make it so that any user that is part of the Site1Editors role (which ever system it comes from) will be considered to be part of the CmsEditors role.

Also, I suggest to look at the <location path="EPiServer"> section in your web.config to see what roles are allow to access it.

Regards

Per Gunsarfs

Thanks Per, 
yeah, you were right, now it works how i wanted it to work :), had to think from the right direction as you said

I post the solution to my original question even tho i wont be using it anymore since Per´s answer solved my problem :).. 

var _virtualRoleRepository = ServiceLocator.Current.GetInstance<IVirtualRoleRepository>();

VirtualRoleProviderBase MyVirtualRole = new MappedRole();
_virtualRoleRepository.TryGetRole("CmsAdmins", out MyVirtualRole);

var newMappedRole = MyVirtualRole as MappedRole; //have to cast it to MappedRole to get .Roles

if (newMappedRole != null && newMappedRole.Roles.Any())
{

foreach (var roles in newMappedRole.Roles)
{
//do something with the roles if you need to
}
}