I'm porting from SQL membership to identity.
In SQL membership, I had a folder that was restricted to users in a certain role ("zRedRole"). I did this by putting the following web.config in that folder:
<?xml version="1.0"?><configuration><system.web><authorization><allow roles="zRedRole"/><deny users="*"/></authorization></system.web></configuration>
This did not work in IDENTITY. As part of testing, I did a 'logout' which calls:
IdentityHelper.SignOut()
and then I went to the home page, and clicked a link to try to access pages in the folder that is meant only for users who are associated with the role "zRedRole". I should have been immediately be directed to the login page when this happened, but instead, the website tried to display the restricted page.
Why is the page not blocked? Why doesn't a web.config that does the job in SQL Membership also do the job in IDENTITY? Or is it possible I'm not signed out?
Thanks
Ooops - just found the answer - cannot use IdentityHelper.signout, but can use:
Public Shared Sub Logout()
Dim authenticationManager = HttpContext.Current.GetOwinContext().Authentication
authenticationManager.SignOut()
End Sub