Microsoft.AspNet.Identity.EntityFramework: clarification of Roles vs Claims needs to occur

Jun 27, 2014 at 8:29 PM
Why is there a RoleStore but no ClaimStore?
Why do I have to create a UserStore with TUserRole?

Roles may be needed for backwards compatibility with previous identity frameworks (like Membership) but if Claims are a superset of Roles, should I not be able to move forward with just using Claims?

If only using Claims is possible isn't an IsInRoleAsync method needed in IUserClaimStore? (which would only work with claimtype role)

My only implemented class choice is either UserStore<TUser> or UserStore<TUser, TRole, TKey, TUserLogin, TUserRole, TUserClaim>. If I don't want to use roles I'd need to implement my own version of UserStore<TUser, TRole, TKey, TUserLogin, TUserClaim> (without TUserRole)

ASP.NET Identity is so fluid right now that it is hard to understand where it is going. What are the plans for a claims-based system that only uses roles as a type of claim?

Jun 30, 2014 at 6:51 PM
Edited Jun 30, 2014 at 6:52 PM
After further research it appears that I would need to do at least the following to remove Roles and only use Claims. Are there any plans to make something like this available in the implementation of Microsoft.AspNet.Identity.EntityFramework? IMO this should be the default implementation from which you could derive UserStore<TUser, TRole, TKey, TUserLogin, TUserRole, TUserClaim>.

public class IdentityUser<TKey, TLogin, TClaim> : IUser<TKey>
    where TLogin : IdentityUserLogin<TKey>
    where TClaim : IdentityUserClaim<TKey>

public class IdentityRole<TKey, TUserClaim> : IRole<TKey>
    where TUserClaim : IdentityUserClaim<TKey>

Implement (IUserRoleStore needs to be implemented for access to IsInRoleAsync and to store the roles in the Claims table instead of in the UserRoles table)

public class UserStore<TUser, TRole, TKey, TUserLogin, TUserClaim> :
    IUserLoginStore<TUser, TKey>, 
    IUserClaimStore<TUser, TKey>,
    IUserRoleStore<TUser, TKey>,
    IUserPasswordStore<TUser, TKey>, 
    IUserSecurityStampStore<TUser, TKey>,
    IQueryableUserStore<TUser, TKey>,
    IUserEmailStore<TUser, TKey>, 
    IUserPhoneNumberStore<TUser, TKey>,
    IUserTwoFactorStore<TUser, TKey>,
    IUserLockoutStore<TUser, TKey>, 
    IUserStore<TUser, TKey>, IDisposable 
    where TUser : IdentityUser<TKey, TUserLogin, TUserClaim>
    where TRole : IdentityRole<TKey, TUserClaim>
    where TKey : IEquatable<TKey>
    where TUserLogin : IdentityUserLogin<TKey>, new()
    where TUserClaim : IdentityUserClaim<TKey>, new()

Implement (IRoleStore needs to be implemented to store the role names available)

public class RoleStore<TRole, TKey, TUserClaim> : IQueryableRoleStore<TRole, TKey>, 
    IRoleStore<TRole, TKey>, IDisposable 
    where TRole : IdentityRole<TKey, TUserClaim>, new()
    where TUserClaim : IdentityUserClaim<TKey>, new()
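
The approach described in the post above (the IUserRoleStore role methods answered from the user's claims rather than from a UserRoles table), as an added example that is not part of the original thread or of Microsoft.AspNet.Identity.EntityFramework. `ClaimsOnlyUser` and `ClaimBackedRoleStore` are hypothetical names, the store is in-memory rather than Entity Framework backed, and case-insensitive role-name matching is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;

// Hypothetical user type: no Roles collection, only claims.
public class ClaimsOnlyUser
{
    public List<Claim> Claims { get; } = new List<Claim>();
}

// Hypothetical store exposing the four role methods of IUserRoleStore, keeping
// each membership as a claim of type ClaimTypes.Role instead of a UserRoles row.
public class ClaimBackedRoleStore
{
    // Assumption: role names are matched case-insensitively.
    private static bool IsRole(Claim c, string roleName) =>
        c.Type == ClaimTypes.Role &&
        string.Equals(c.Value, roleName, StringComparison.OrdinalIgnoreCase);

    public Task AddToRoleAsync(ClaimsOnlyUser user, string roleName)
    {
        if (user == null) throw new ArgumentNullException(nameof(user));
        if (string.IsNullOrWhiteSpace(roleName))
            throw new ArgumentException("Role name required.", nameof(roleName));
        if (!user.Claims.Any(c => IsRole(c, roleName))) // no duplicate membership
            user.Claims.Add(new Claim(ClaimTypes.Role, roleName));
        return Task.CompletedTask;
    }

    public Task RemoveFromRoleAsync(ClaimsOnlyUser user, string roleName)
    {
        if (user == null) throw new ArgumentNullException(nameof(user));
        user.Claims.RemoveAll(c => IsRole(c, roleName));
        return Task.CompletedTask;
    }

    public Task<IList<string>> GetRolesAsync(ClaimsOnlyUser user)
    {
        if (user == null) throw new ArgumentNullException(nameof(user));
        IList<string> roles = user.Claims.Where(c => c.Type == ClaimTypes.Role)
                                         .Select(c => c.Value).ToList();
        return Task.FromResult(roles);
    }

    // Fails closed: a null user is in no role.
    public Task<bool> IsInRoleAsync(ClaimsOnlyUser user, string roleName) =>
        Task.FromResult(user != null && user.Claims.Any(c => IsRole(c, roleName)));
}
```

Because every claim of type ClaimTypes.Role now grants a role, any code path that lets a user add arbitrary claims to their own account becomes a role-assignment path and needs the same authorization check as AddToRoleAsync.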