Extend Role base Security

Oct 10, 2014 at 2:01 AM
Hi Identity Team,

Recently, I need to build a permission module, and I found AspNet.Identity has been included in vs 2013 as the default security management module, and I think this is great. I konw lots of great feature has been blended into Identity, like Open Authentication, Entity Framework Code First etc.
However, I want to extend the it's functionality, not on the role level, instead I want it to be on the page level or button level(I'm using Asp.Net, not mvc). I've checked part of Identity code using reflactor tool, I create a my own ApplicationRole class, which is derived from IdentityRole. Just for testing, I add a description property in my class, and then do nothing.
Then I use migration command in the package console to update database. The result is not as I expected, two columns have been added into AspNetRole table, one is Decription, another is Discrimination. I don't why? I also didn't override OnModelCreating method to use my class instead of IdentityRole class. So, in the Identity assembly, is there a place to detect whether user will write new class, which is derived from default, and then use the new class as the default one? If so, where does the Discrimination column come from?