Hi Andrei,
I suspect this is an issue with Identity and Owin rather than DXC as such. The criteria in the Criteria Pack were originally written for Episerver 6 and so all users and roles were managed through the membership/role providers rather than identity. I think the problem lies in RoleModel.cs where there's a SelectionFactory which pull roles from the role providers:
public class RoleSelectionFactory : ISelectionFactory { #region ISelectionFactory Members public IEnumerable<System.Web.Mvc.SelectListItem> GetSelectListItems(Type property) { //Return list of Roles //VirtualRoles.GetAllRoles() return RoleProviderUtility.GetAllRolesWithProviders().Select(ri => ri.RoleName).Union(VirtualRoles.GetAllRoles()).Select(s => new System.Web.Mvc.SelectListItem() { Text = s, Value = s }); } #endregion }
The approach I took to resolving this was to create my own version of that criterion and not use the one from criteria pack. You can download the source code of the criteria in criteriapack from here:
https://archive.codeplex.com/?p=criteriapack
All you then need to do is to amend the RoleSelectionFactory to pull roles from Owin instead of the role provider, something like this:
public class RoleSelectionFactory : ISelectionFactory { #region ISelectionFactory Members public IEnumerable<SelectListItem> GetSelectListItems(Type property) { //Return list of Roles var owinContext = HttpContext.Current.GetOwinContext(); var roleMngr = owinContext.Get<ApplicationRoleManager<ApplicationUser>>(); var roles = roleMngr.Roles.Select(x => x.Name).ToList(); roles.AddRange(VirtualRoles.GetAllRoles()); return roles.Select(x => new SelectListItem { Text = x, Value = x }); } #endregion }
Hi Paul,
Thanks for the quick response. As far as I understand RoleSelectionFactory is responsible for showing available roles in Visitor Group configuration. In our case all needed groups are shown correctly.
The issue appears when we checking current principal for a role. So e.g. unauthorised user is not in Anonymous role.
BTW EPiServer.VisitorGroupsCriteriaPack works fine on local machine and on virtual machine but not in Azure.
Hi Andrei,
From your initial post, I didn't know whether the issue was with creating the visitor group or evaluating it but that clears it up. If the issue is when evaluating membership of a given virtual role then, depending on how you've set up your logins, you could try modifying the <virtualRoles> inside the EPiServer.Framework config to this:
<virtualRoles addClaims="false" replacePrincipal="true">
as described here (bear in mind the limitations though):
https://world.episerver.com/documentation/developer-guides/CMS/security/Virtual-roles/
Alternatively there is a simpler option - Rather than creating a visitor group which is "In role Anonymous" you could create the group as "Not in role Authenticated" which does the same but should work without any further modification.
Hi Paul,
For some reason today everything works as expexted. The ticket can be closed. Sorry for inconvinience.
Good day,
We would like to use Visitor Groups Criteria Pack's Role visitor group to show/hide some links for authenticated/anonymous users. And we have noticed that it doesn't work in DXC. Does anybody knows if it should be working properly or ir is not supported in DXC?