Hi,
I'm working with the sample Web API template from VS2013. I created a new project that supported Individual Account for the authentication provider. This gives me an oAuth2 implementation.
In the controller that is marked with the [Authorize] attribute I want to use the User.IsInRole("") before doing the work. However, this has raised two questions:
1. Should I be using Claims rather than roles? (Might need to read up on this one!!)
2. When are roles added to the identity? Are they added in the GrantResourceOwnerCredentials override in my oAuth provider class?
Thanks.
