Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Implementing rights with ASP.NET Identity

Tags:

c#

asp.net

identity

asp.net-identity

asp.net-mvc-5

We are currently working on a smaller ASP.NET MVC 5 application using ASP.NET Identity. It allows us to maintain different projects and their tasks. We recently implemented basic authentication so we are able to register a user with our site and login with them.

We want to be able to manage access rights on project basis so we can say for every single user that he has read, write, admin or no permissions for a specified project.

My first thought was that we can create a simple new table in our database which stores the user rights. But I feel that there might be a built-in way to achieve this with ASP.NET Identity.

So my question really is, which path we should follow - manually building a new table to administer the rights or use something built-in provided by ASP.NET Identity.

like image 779
Thorakas Avatar asked Dec 22 '14 12:12

Thorakas

1 Answers

use something built-in provided by ASP.NET Identity

The only things you could use there are claims or roles and both are not built for what you want IMO.

So I would go with your own table which links the project to a user, e.g.:

public class UserProjectRights
{
    [Key]
    public ApplicationUser User { get; set; }
    [Key]
    public Project Project { get; set; }

    public AccessRight Right { get; set; }
}

Then whenever you do some actions where a specific right is required you need to check for that. There are several ways how you could do that. In my app I created "access right check extensions" like the following (I have defined a common interface for all "access right entities" to "reuse" that method):

public static bool? CanView(this ApplicationUser user, Project project)
{
     var userRight = project.Rights.FirstOrDefault(r => r.User == user);
     return userRight == null ? (bool?)null : userRight.Right.HasFlag(AccessRight.View);
}

assuming AccessRight is an enum like:

[Flags]
public enum AccessRight
{
    View,
    Edit,
    Admin
}

Then you can do something like the following in your logic:

if (user.CanView(project) == true)
{
    // show project
}

I used bool? so I can implement different "default behaviour" as I know if null is returned there is no right defined.

like image 54
Christoph Fink Avatar answered Sep 30 '22 12:09

Christoph Fink
Sign in to Comment

Related questions

HtmlAgilityPack and Authentication
cell remains in edit mode even after it loses focus in wpf datagrid
The message with Action cannot be processed at the receiver, due to a ContractFilter mismatch at the EndpointDispatcher
how to get Steam Inventory API or a way to get all steam items list ? how some sites have it?
How to properly navigate backstack in Windows Phone 8.1 universal store app
Sharing a connection and a transaction in EF across multiple contexts (UnintentionalCodeFirstException)
Is there a VS shortcut to automatically update the triple-slash comments when adding new parameter to the method signature?
Using GZipStream to compress empty input results in an invalid gz file in C#
Extend Kendo HtmlHelpers for TextBoxFor
File.open hangs and freezes thread when accessing a local file
How to get a thread handle to pass to CancelSynchronousIO?
how to plot matlab figure inside winform application?
Converting a 2D Array of 2D Arrays into a single 2D Array
Seeking optimal way to handle constructors of struct with overlapping fields
Unknown objects in Managed Heap .Net 4.5
how to use GMAIL API query filter for datetime
Azure TableQuery thread safety with Parallel.ForEach
Get all inherited classes of a generic abstract class
Find usages of inherited method only from a specific subclass?
AuthorizeAttribute keeps redirecting to /Account/Login

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!