Vulnerability in EPiServer.Forms
We installed the Visitor Group Criteria pack in hopes that the we could use the roles but it is not working the way that we expect. We get our roles from an API and sync it to Opti when a user logs in. The roles that are listing in the drop down of the visitor group does not match that which is available in CMS groups. Is there a way through code to look at the user profile to get the roles to assign users to a visitor group?
Yes you can, you would need to create your own visitor group criterion.
You could use an exact match and enter the desired role.
You would then write logic to look up the current users roles, presuming you store them in current session/claims/cookie, and if it matches then they would fulfil the criteria.