Virtual role claims are not added correctly for all identity types

Found in

EPiServer.CMS.Core 7.14.0

Fixed in

EPiServer.CMS.Core 11.3.0

Created

Nov 17, 2017

Updated

Dec 18, 2017

Area

CMS Core

State

Closed, Fixed and tested


Description

Virtual role claims are not added correctly for all identity types. The RoleClaimType property on ClaimIdentity specifies which role type a specific identity uses. However, claims for Virtual Roles are always added with role claim type System.Security.Claims.ClaimTypes.Role.

As a result, if claim identities have a RoleClaimType that is different from System.Security.Claims.ClaimTypes.Role, virtual role claims are added with the wrong RoleClaimType. So, IsInRole("virtual role") returns false for that principal.