public IEnumerable <Claim> GetClaimsForUser(Guid userId) { var user = Users.Get(userId); if (user == null) { throw new ArgumentException(nameof(userId) + "does not belong to any user"); } var roleId = user.RoleId; if (!roleId.HasValue) { throw new ArgumentException("user with given " + nameof(userId) + " does not belong to any role, and therefore has no claims."); } var claims = RoleClaims.GetClaimsForRole(roleId.Value); return(claims); }