Managing roles from the MVC application

Copy to clipboard

After you integrate Xperience membership into your MVC live site project, you can use the ASP.NET Identity API to add or remove Xperience roles for users. For example, this allows you to assign roles to new users immediately after registration.

Note: If you only wish to manage roles manually, you do not need to write any code. Use the Roles or Users application in the Xperience administration interface (see Role management).

To use the available role management methods:

  • Prepare a property that gets an instance of the Kentico.Membership.KenticoUserManager class for the current request – call HttpContext.GetOwinContext().Get<KenticoUserManager>().
  • Get the ID of the user whose roles you wish to manage (the methods require the ID as a parameter).



using System.Web;

using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;

using Kentico.Membership;







        /// <summary>
        /// Provides access to the Kentico.Membership.KenticoUserManager instance.
        /// </summary>
        public KenticoUserManager KenticoUserManager
        {
            get
            {
                return HttpContext.GetOwinContext().Get<KenticoUserManager>();
            }
        }

        /// <summary>
        /// Gets the Kentico.Membership.User representation of the currently signed in user.
        /// You can use the object to access the user's ID, which is required by the role management methods.
        /// </summary>
        public User CurrentUser
        {
            get
            {
                return KenticoUserManager.FindByName(User.Identity.Name);
            }
        }

To add roles, call the AddToRolesAsync method of the KenticoUserManager instance. You can add one or more roles, each specified by a separate string parameter (equal to the corresponding role name).




                        // Attempts to assign the current user to the "KenticoRole" and "CMSBasicUsers" roles
                        IdentityResult addResult = await KenticoUserManager.AddToRolesAsync(CurrentUser.Id, "KenticoRole", "CMSBasicUsers");

To remove roles, call the RemovesFromRolesAsync method of the KenticoUserManager instance. You can remove one or more roles, each specified by a separate string parameter.




                    // Attempts to remove the "KenticoRole" and "CMSBasicUsers" roles from the current user
                    IdentityResult removeResult = await KenticoUserManager.RemoveFromRolesAsync(CurrentUser.Id, "KenticoRole", "CMSBasicUsers");

To check whether a user is in a given role, call the IsInRoleAsync method of the KenticoUserManager instance.




            // Checks whether the current user is assigned to the "KenticoRole" role
            if (await UserManager.IsInRoleAsync(CurrentUser.Id, "KenticoRole"))
            {
                // ...
            }

Note: You cannot use the ASP.NET Identity API to remove roles assigned to users indirectly through Xperience memberships.

Managing membership data through the Xperience API

In addition to the ASP.NET Identity API, you can alternatively work with Xperience membership data using the API within the CMS.Membership namespace (provided as part of the Kentico.Xperience.Libraries integration package).