First problem, that after applying the roles, they are not updated is because RoleManager manages the CRUD operations of the roles, which means managing them in the database. In order for the user to have those roles "applied" for the current request, they need to be inserted as claims when the actual request is authenticated.
LoginCompleted event is not the right place to do, since the user at that point is verified (his credentials are verified) but the request is still not authenticated.
What you need to do in order to achieve the scenario you want is to inherit SFClaimsAuthenticationManager and override its Authenticated method. In the overridden method you call the base.Authenticate and you will get the user principal, which contains all the claims about the current request. There you can manipulate the roles (add/remove) and they will be applied immediately for the current request. Note that you go through this method only once, after the user has been verified and while the request is being authenticated. See the an example of how to implement it:
CustomSFClaimsAuthenticationManager : SFClaimsAuthenticationManager
resourceName, Microsoft.IdentityModel.Claims.IClaimsPrincipal incomingPrincipal)
var principal =
var value = String.Concat(roleId,
Claim(SitefinityClaimTypes.Role, value, ClaimValueTypes.String, issuer, issuer));
Also, do not forget to register the custom authentication manager in the web.config:
I hope this example solves your issue. Feel free to contact us again if any troubles arise.
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Sitefinity CMS Ideas&Feedback Portal
and vote to affect the priority of the items