Managing roles from MVC applications

After you integrate Kentico membership into your MVC live site project, you can use the ASP.NET Identity API to add or remove Kentico roles for users. For example, this allows you to assign roles to new users immediately after registration.

Note: If you only wish to manage roles manually, you do not need to write any code. Use the Roles or Users application in the Kentico administration interface (see Role management).

To use the available role management methods:

  • Prepare a property that gets an instance of the Kentico.Membership.UserManager class for the current request – call HttpContext.GetOwinContext().Get<UserManager>().
  • Get the ID of the user whose roles you wish to manage (the methods require the ID as a parameter).



using System.Web;

using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;

using Kentico.Membership;






        /// <summary>
        /// Provides access to the Kentico.Membership.UserManager instance.
        /// </summary>
        public UserManager UserManager
        {
            get
            {
                return HttpContext.GetOwinContext().Get<UserManager>();
            }
        }

        /// <summary>
        /// Gets the Kentico.Membership.User representation of the currently signed in user.
        /// You can use the object to access the user's ID, which is required by the role management methods.
        /// </summary>
        public User CurrentUser
        {
            get
            {
                return UserManager.FindByName(User.Identity.Name);
            }
        }



To add roles, call the AddToRolesAsync method of the UserManager instance. You can add one or more roles, each specified by a separate string parameter (equal to the corresponding role name).




                        // Attempts to assign the current user to the "KenticoRole" and "CMSBasicUsers" roles
                        IdentityResult addResult = await UserManager.AddToRolesAsync(CurrentUser.Id, "KenticoRole", "CMSBasicUsers");



To remove roles, call the RemovesFromRolesAsync method of the UserManager instance. You can remove one or more roles, each specified by a separate string parameter.




                    // Attempts to remove the "KenticoRole" and "CMSBasicUsers" roles from the current user
                    IdentityResult removeResult = await UserManager.RemoveFromRolesAsync(CurrentUser.Id, "KenticoRole", "CMSBasicUsers");



To check whether a user is in a given role, call the IsInRoleAsync method of the UserManager instance.




            // Checks whether the current user is assigned to the "KenticoRole" role
            if (await UserManager.IsInRoleAsync(CurrentUser.Id, "KenticoRole"))
            {
                // ...
            }



Note: You cannot use the ASP.NET Identity API to remove roles assigned to users indirectly through Kentico memberships.

Managing membership data through the Kentico API

In addition to the ASP.NET Identity API, you can alternatively work with Kentico membership data using the API within the CMS.Membership namespace (provided as part of the Kentico.Libraries integration package).