I have created my own Role Provider because I found the one that ASP.Net provides to be way too bulky in terms of tables in the database. I found implementing a custom RoleProvider to be quite easy.
My only problem is that right now I cannot have multiple roles for a page. I saw somewhere that at the top of your class you need to "anotate it" with some security code. This is what I have
[PrincipalPermission(SecurityAction.Demand, Role="Admin")]
If I try to include multiple roles by using a comma separated list I get errors. If i try to specify multiple role keys then I also get errors. Do i Need to specify multiple PrinicipalPermissions by any chance?
I have very little experience with ASP.Net's role management. Can someone point me in the right direction or at some good literature.
And then you can use the Authorize Attribute like so on the Controller Class or the Controller Method (or both): [Authorize(Roles = Roles. ADMIN] public class ExampleController : Controller { [Authorize(Roles = Roles. ADMIN_OR_VIEWER) public ActionResult Create() { ..
Role-based authorization checks specify which roles which the current user must be a member of to access the requested resource. The controller SalaryController is only accessible by users who are members of the HRManager role or the Finance role.
They are - Windows Authentication, Forms Based Authentication and Passport Authentication.
you can add the PrinicpalPermission attribute multiple times.
[PrincipalPermission(SecurityAction.Demand, Role="Admin")] [PrincipalPermission(SecurityAction.Demand, Role="AnotherRole")]
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With