A workaround for this is to manually decorate the ClaimsPrincipal with role-claims like in Adis' blogpost: http://adisdelalic.wordpress.com/2010/09/15/episerver-and-claims-based-security/
This gives some challenges in CMS 6 R2 when keeping track of virtual roles vs. roles from claims.
I blogged about using custom role/membership providers with WIF:
I am using this on a project at the moment (still in dev right now).
In our CMS 6 solution, we were relying on EPiServer to call our custom ClaimsRoleProvider for us, and that worked out fine, until the upgrade to R2.
Now we just need to call the provider ourselves as you (and Adis) have shown.
We have a claims-based authentication solution set up pretty much like in Ben's post:
We have custom role- and membership-providers for storing role-information in SQL when a user is offline.
After upgrading from CMS 6 to CMS 6 R2, our custom role- and membership-providers are no longer called, so login always fails.
As an experiment, I setup an out-of-the-box EPiServer 6 site with "Demo Templates" and added the WIF-configuration in Ben's post. I added a custom WindowsRoleProvider to simply log calls to GetRolesForUser. The role-provider would get called when logging in to the site.
But, after upgrading the demo-site to R2 with Deployment Center, the role-provider would never get called again.
After removing the 2 HTTP-modules:
Is there a way to use custom role/membership-providers in a claims-based solution with CMS 6 R2 ?