Maybe I've overlooked this somewhere in the "documentation" for ASP.NET Identity (2.2.1), but I'm struggling to see the point in creating a controller and interfaces for managing Roles. I understand the point of managing users (CRUD + Assigning Roles), but as far as a CRUD for roles just doesn't make sense to me unless there's a way to dynamically detect access (IsInRole) for a controller at runtime. I have two questions:
1] Is there a point in dedicating the resources and time to create the CRUD for roles when you would have to configure the application in code in the first place to set the Authorize
attribute to even set the role that should have access?
and
2] Is there a way to capture the moment in which the user requests an action from a controller or even the the instance of the controller as to possibly check permissions at that point from the DB?