provided by Microsoft Whether to use the platform or not, the role extends the base classes and plays its own role.
I have decided to extend the default providers and implement my own membership and role providers. Now my question is specifically around role authentication.
Traditionally, you would probably create roles like 'Manager, Administrator, Employee, Super User' or whatever you have. But what should you do about permissions, which I consider to be a finer grain of control? Let me elaborate...
Within my ASP.NET MVC site, I have various areas like Administration, Management, Messaging, Reporting etc. I create a role for each of them like 'Administrators', 'Managers', 'Reporter' etc. Without the proper role, you cannot access that area of the site. That's why I will lock down the entire controllers at the class level.
But now take one area as an example, Messaging, and say that I wanted finer-grained permissions for CRUD: create a message, view/read messages, edit a message, delete a message, etc.
Finally, my question: how would it be best to implement this finer grain of control? One approach I see (not sure it's a good one) is to just create ASP.NET roles for everything:
Messenger (broad role), CreateMessage, ReadMessage, EditMessage, DeleteMessage
On the one hand, I want some users to be able to read/view messages but not necessarily create or delete them. Specific roles could be applied to individual controller actions.
Do you see any problem with this approach? Do you have a better idea?
Solution so far
I have decided to create my own schema and implement custom membership and role providers.
I think that you should forget about roles in the authorization system and ask for permissions instead (in the end, a role is a grouping of permissions). If you look at it that way, your Authorize attribute should ask for an entity and an action, not for a particular role. Something like:

    [Authorize(Entities.Message, Actions.Create)]
    public ActionResult CreateMessage()

    [Authorize(Entities.Message, Actions.Edit)]
    public ActionResult EditMessage()

    [Authorize(

That way your roles do what they do best, store permissions, instead of defining an inflexible access level.

Edit: To handle specific rules like the one given by David Robbins (Manager A is not allowed to delete messages created by Manager B), assuming that both of them have the necessary permissions to access this controller action: the Authorize attribute is not responsible for checking these types of rules, and even if you try to check that at the action filter level, it will be a pain. What you can do is extend the authorization validation to the ActionResult (injecting an action parameter holding the validation result), and let the ActionResult make the logic decision there with one
There is a similar question here. It is not exactly this case, but it is a good starting point for extending authorization validation with action parameters.
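
A sketch of the entity/action approach from the answer above, as an added example that is not code from the question or the answer. It pairs a permission-checking attribute with the per-record ownership rule (Manager A versus Manager B), checked directly inside the action rather than through an injected action parameter. PermissionAuthorizeAttribute, RolePermissions, Message, the role names and the sample data are hypothetical; the types from System.Web.Mvc are the framework's own.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;
public enum Entities { Message }
public enum Actions { Create, View, Edit, Delete }
// Assumed role-to-permission table; a real one is loaded from the custom schema.
public static class RolePermissions
{
    static readonly Dictionary<string, Tuple<Entities, Actions>[]> Map =
        new Dictionary<string, Tuple<Entities, Actions>[]>
        {
            { "Reader",  new[] { Tuple.Create(Entities.Message, Actions.View) } },
            { "Manager", new[] { Tuple.Create(Entities.Message, Actions.View), Tuple.Create(Entities.Message, Actions.Delete) } }
        };
    public static bool Allows(IPrincipal user, Entities entity, Actions action)
    {
        return Map.Any(r => user.IsInRole(r.Key) && r.Value.Contains(Tuple.Create(entity, action)));
    }
}
public class PermissionAuthorizeAttribute : AuthorizeAttribute
{
    private readonly Entities _entity; private readonly Actions _action;
    public PermissionAuthorizeAttribute(Entities entity, Actions action) { _entity = entity; _action = action; }
    // base.AuthorizeCore rejects anonymous users; then require the (entity, action) permission.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        return base.AuthorizeCore(httpContext) && RolePermissions.Allows(httpContext.User, _entity, _action);
    }
}
public class Message { public int Id; public string Owner; }
public class MessageController : Controller
{
    // Constructed in-memory sample data standing in for the message table.
    static readonly List<Message> Store = new List<Message> { new Message { Id = 1, Owner = "managerB" } };
    [PermissionAuthorize(Entities.Message, Actions.Delete)]
    public ActionResult DeleteMessage(int id)
    {
        var msg = Store.FirstOrDefault(m => m.Id == id);
        if (msg == null) return HttpNotFound();
        // Per-record rule the attribute cannot see: only the owner may delete.
        if (!string.Equals(msg.Owner, User.Identity.Name, StringComparison.OrdinalIgnoreCase))
            return new HttpStatusCodeResult(403);
        Store.Remove(msg);
        return new HttpStatusCodeResult(204);
    }
}
```

With this sample data, a user in the Manager role named managerA passes the attribute check but receives 403 for message 1, while managerB can delete it.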