I can set up custom membership easily enough, but what if I need two sets, i.e. admin for the control panel and registered for logged-on customers? This would mean two separate tables to get users from. My question is: how can I integrate the two to control through 1 custom membership, and how can I authenticate on the controller for the 2?
You wouldn't separate users this way; you'd implement a custom role provider and allocate these roles to the user. So, say you have created two roles, admin and user: you'd set an attribute on your controller like so:
Admin page controller
[Authorize(Roles = "Admin")]
public ActionResult AdminAction() { }
User page controller
[Authorize(Roles = "User")]
public ActionResult UserAction() { }
If you wanted your administrators to view all logged in user pages, you'd simply just assign the user role to your administrators.
Basically I want to do this:
[Authorize(Roles = "Admin" )] <= Currently it's like this.
[Authorize(Roles = "Admin","SuperAdmin" )] <= I want to make it like this.
Basically I want to assign 2 identity roles at once to the same controller, but I'm not sure how to format it properly. I made 2 identity roles, Admin and SuperAdmin, and I want SuperAdmin to be able to access everything that Admin can, so that's why I need to assign 2 identity roles on the same stuff.
Make it [Authorize(Roles = "Admin, SuperAdmin")]
Often we attach roles to an action in the way shown below:
[Authorize(Roles = "Admin, SuperUser")]
[Authorize(Users="Jacquo, Steve", Roles="Admin, SuperUser")]
Users: Comma-separated list of usernames that are allowed to access the action method.
Roles: Comma-separated list of role names. To access the action method, users must be in at least one of these roles.
[Authorize(Roles = "Producer")]
[Authorize(Roles = "Admin")]
public ActionResult Details(int id) {
// Only available to users who are in both the Producer AND Admin roles
}
Now see that the Authorize attribute and role name are hard-coded on the action method. Suppose the action Details is associated with the admin role, which is hard-coded; how could I attach more roles to the Details action, or remove any role from the Details action, at run time? I guess it is not possible, because ASP.NET MVC does not provide anything built in.
I searched Google to see whether anyone has done anything like what I am looking for. Unfortunately, I found no similar write-up.
So I need some guidance on how I could develop a UI from which an admin can associate roles with actions instead of hard-coding them at development time.
So tell me what you think: how could I associate a role or multiple roles with an action from a custom UI?
Also tell me how I could check at run time that the user has that role when the user tries to access a specific action.
Please discuss in detail how to design the part I am looking for. If it is still not clear to you what I am looking for, then tell me and I will try to explain it in more detail.
Thanks
First: in every controller you should create a user object in the controller constructor, like this:
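using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
public class MyController : Controller
{
    // The ApplicationUser record for the currently logged-in user.
    ApplicationUser user;
    public MyController()
    {
        user = System.Web.HttpContext.Current.GetOwinContext().GetUserManager<ApplicationUserManager>().FindById(System.Web.HttpContext.Current.User.Identity.GetUserId());
    }
}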
Then you could use the user object anywhere in your controller methods.
"how could i develop a UI from where admin can associate role": in a Razor view use:
@if (User.IsInRole("Admin"))
{ }
"how could i associate a role or multiple roles with action from a custom UI":
No need to do that. When you create the user in the controller, you have access to all of the user's roles in the controller methods.
"how could i check at run time that user has that role":
Use
if(user.IsInRole("Admin"))
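One way to move the role list out of the attribute and into data that an admin UI can edit, shown as an added example that is not part of the original posts. `ActionRoleStore` and `DynamicAuthorizeAttribute` are hypothetical names, the store is in-memory only, and areas are not taken into account:

```csharp
using System;
using System.Collections.Concurrent;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Hypothetical store: maps "Controller/Action" to the roles allowed to call it.
// An admin UI would call Set(); persistence to a database is left out here.
public static class ActionRoleStore
{
    private static readonly ConcurrentDictionary<string, string[]> Map =
        new ConcurrentDictionary<string, string[]>(StringComparer.OrdinalIgnoreCase);

    public static void Set(string controller, string action, params string[] roles)
    {
        Map[controller + "/" + action] = roles ?? new string[0];
    }

    public static string[] Get(string controller, string action)
    {
        string[] roles;
        return Map.TryGetValue(controller + "/" + action, out roles) ? roles : new string[0];
    }
}

// Hypothetical attribute: apply [DynamicAuthorize] in place of [Authorize(Roles = "...")].
public class DynamicAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // The base check rejects anonymous callers.
        if (!base.AuthorizeCore(httpContext)) return false;

        var route = httpContext.Request.RequestContext.RouteData;
        string controller = route.GetRequiredString("controller");
        string action = route.GetRequiredString("action");

        // Fail closed: an action with no roles configured is denied to everyone.
        string[] allowed = ActionRoleStore.Get(controller, action);
        return allowed.Any(role => httpContext.User.IsInRole(role));
    }
}
```

Because the check runs on the server for every request, removing a role from an action in the store takes effect immediately; the action that edits the store should itself be restricted to administrators.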
I am new to MVC, but I have good experience in C# WinForms, database design and normalization.
I want to define a user and his roles dynamically, using MVC.
Detailed Description
There is an organization with a Head of Department (HOD).
There are several branch offices, and each office has a Branch Head Officer working under the HOD.
Each Branch Officer has the power to assign different access to his employees. E.g. a Cashier can also have access to generate bills.
My problems are:
The HOD (Admin) will create a Branch Officer (BO). The HOD will have access to all the defined actions in all the controllers.
How can the BO create a user that has access only to the controllers' actions defined by the BO, and what if the second-level user wants to create another third-level user?
The BO and his descendants will have access only to their branch office. They cannot see any details of another branch, but the HOD can view any detail of any branch. (I want this authorization on the server side to avoid cross-site scripts.)
Please guide me: how can I implement this model of multi-level access and dynamic role management?
I have searched a lot but couldn't find anything that can help me. BTW, this project is an Employee Management System that includes Payroll, Leave Management, Employee Service Book etc.
Thanks in advance.
Just for guidance, not to be taken as a 100% solution.
If you are using MVC 5 you can use ASP.NET Identity Core
There are two common authorization approaches that are based on Role and Claim.
This is role based authentication. So basically you create roles as per your requirement, then you assign those roles to users. So the user immediately gets all the access rights defined for that role.
In your database:
You will have a list of users in AspNetUsers table
List of Roles in AspNetRoles table --> Admin, Branch Manager, Manager etc
Then finally decorate your controller or action with [Authorize(Roles="Admin, etc")]
[Authorize(Roles = "Admin")]
public ActionResult TestMethod()
{
ViewBag.Message = "This View is designed for the Admin's";
return View();
}
Or the whole controller:
[Authorize(Roles = "Admin")]
public class TestController : Controller
{
}
So once those are in place you will have to create an action where the admin can assign roles to others. The Branch Officer can assign roles to employees.
Useful links: http://www.dotnetcurry.com/aspnet-mvc/1102/aspnet-mvc-role-based-security
http://www.asp.net/identity/overview/getting-started/introduction-to-aspnet-identity
I am developing a web project. I use ASP.NET MVC and Entity Framework. I will have roles for users in the admin panel. Users perform processes according to their roles. I want to use design patterns for this project. Which type of pattern should I use for this role authorisation? Any ideas?
Thanks in advance.
The easiest way to implement role management is using the ASP.NET membership provider.
You then have two ways of protecting actions based on roles.
If you want to ensure that only certain roles can execute an action method, you would use the Authorize attribute and define the list of allowed roles:
[Authorize(Roles = "Admin, Manager")]
public ActionResult AdministratorsOnly()
{
return View();
}
If you need to hide functionality on the views, you can use the User.IsInRole() method to check if the currently logged in user has that role:
if(User.IsInRole("Admin"))
{
Delete account
}
I am using MongoDB to store users and passwords (instead of sql). I have my own mechanism for assigning roles to users. I would like to decorate my controller actions with roles, as follows:
[Authorize(Roles = "Administrators")]
My login code looks like this:
if (mongo.AuthenticateUser(model.UserName, model.Password))
{
FormsService.SignIn(model.UserName, model.RememberMe);
}
What is the simplest way for me to 'stamp' a user's roles onto the user when they first log in (the database will provide me with the role names, I just need to set them within the user's context)? I guess I'm looking for my code to look something like this:
if (mongo.AuthenticateUser(model.UserName, model.Password))
{
if (mongo.IsAdmin)
{
// How do I grant the admin role???
SomeSortOfUserContext.Add('Administrators');????????
}
FormsService.SignIn(model.UserName, model.RememberMe);
}
Add roles to User Principal in Application_AuthenticateRequest in Global.asax.
Check this out;
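A sketch of the Global.asax approach named in this answer, added here as an example and not taken from the original post. `GetRolesForUser` and the user name "alice" are hypothetical, constructed stand-ins for the lookup against your own user store:

```csharp
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;

public class MvcApplication : HttpApplication
{
    // Hypothetical lookup: replace with the query against your own user store
    // (the MongoDB collection in the question). Constructed sample data.
    private static string[] GetRolesForUser(string userName)
    {
        return string.Equals(userName, "alice", StringComparison.OrdinalIgnoreCase)
            ? new[] { "Administrators" }
            : new string[0];
    }

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // Forms authentication has already validated the cookie at this point;
        // anonymous requests are left untouched.
        IPrincipal current = Context.User;
        if (current == null || !current.Identity.IsAuthenticated)
            return;

        // Keep the authenticated identity, attach the roles from the store.
        string[] roles = GetRolesForUser(current.Identity.Name);
        var principal = new GenericPrincipal(current.Identity, roles);
        Context.User = principal;
        Thread.CurrentPrincipal = principal;
    }
}
```

With this in place `[Authorize(Roles = "Administrators")]` and `User.IsInRole(...)` see the roles from the store. Since the roles are looked up on each request and not written into the cookie at login, revoking a role applies from the user's next request.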