What I want:
An intranet application where only people who are logged in can see the application... and an Admin and Member role.
1:
I have created an MVC 5.0 web application (for intranet).
It has a Home view with a home controller... I have an Admin view with an admin controller.
The home page has a link (well it's not a link yet but whatever) on it that is conditional:
@if (User.IsInRole("Admin"))
{
    <li>Admin</li> @* Will be link to admin controller action *@
}
I would like to create 1 user with the role of "Admin" and allow him/her to then create new users (assigning them to Windows authentication logins) with a username and a new role of either "Admin" or "Member"...
2:
Next, I want to make it so that the users with the Admin role can do all of the stuff denoted in my SQL database with the roles that befit them.
For example,
John only has read and write access to some of the tables ("Member"), but Jack and Jill have read and write access to all of the tables ("Admin").
John cannot see the Admin link on the Home view, but Jill can. The Admin controller action is locked down to only allow users with "Admin" as the role, not "Member"...
The Core question (with 1 and 2 in mind):
I realise that there are two sets of authentication here, one for Windows authentication for the application itself, and then one for the database, but I have a funny feeling they should be linked in some way. I have read quite a bit of material but am consistently confused by it, coming from a Web Forms authentication skill set. It's my first intranet application... bit confused.
What I've done so far:
I have currently got Windows Authentication enabled, and I can successfully use the application and call upon:
@User.Identity.Name
to find out who I am...
Side Notes:
I would like to understand in what context the Authorize parameters are to be used, e.g.
[Authorize(Roles="Admin")]
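The following is an added example, not code from the question or from any answer: one way to wire points 1 and 2 together in MVC 5 with Windows authentication. It keeps the Windows identity for authentication and stores the application roles ("Admin"/"Member") in a SQL table keyed on the Windows account name, read through a custom RoleProvider. All names are assumptions for the sake of the example: the table dbo.AppUserRoles (WindowsAccount nvarchar(256), RoleName nvarchar(50)), the connection string "IntranetDb", and the namespace/class names.

```csharp
// Added example, not code from the original post. Hypothetical names: table
// dbo.AppUserRoles (WindowsAccount nvarchar(256), RoleName nvarchar(50)) and a
// connection string "IntranetDb"; web.config must register this class as the
// default role provider (see the note below the code).
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data.SqlClient;
using System.Linq;
using System.Web.Mvc;
using System.Web.Security;

namespace IntranetApp.Security
{
    // Resolves application roles for a Windows account name (DOMAIN\user, the
    // value of User.Identity.Name). Once registered, User.IsInRole("Admin") in
    // Razor and [Authorize(Roles = "Admin")] on controllers both consult this class.
    public class SqlWindowsRoleProvider : RoleProvider
    {
        private static readonly string[] AllowedRoles = { "Admin", "Member" };
        private static readonly string ConnectionString =
            ConfigurationManager.ConnectionStrings["IntranetDb"].ConnectionString;

        public override string ApplicationName { get; set; }

        public override string[] GetRolesForUser(string username)
        {
            const string sql = "SELECT RoleName FROM dbo.AppUserRoles WHERE WindowsAccount = @account";
            var roles = new List<string>();
            using (var conn = new SqlConnection(ConnectionString))
            using (var cmd = new SqlCommand(sql, conn))
            {
                cmd.Parameters.AddWithValue("@account", username); // parameterised, never concatenated
                conn.Open();
                using (var reader = cmd.ExecuteReader())
                    while (reader.Read()) roles.Add(reader.GetString(0));
            }
            return roles.ToArray();
        }

        public override bool IsUserInRole(string username, string roleName)
        {
            return GetRolesForUser(username).Contains(roleName, StringComparer.OrdinalIgnoreCase);
        }

        public override bool RoleExists(string roleName)
        {
            return AllowedRoles.Contains(roleName, StringComparer.OrdinalIgnoreCase);
        }

        // Lets an Admin assign roles to other Windows accounts. Only the two
        // application roles are accepted, so a typo cannot create a third role.
        public override void AddUsersToRoles(string[] usernames, string[] roleNames)
        {
            var unknown = roleNames.Where(r => !RoleExists(r)).ToArray();
            if (unknown.Length > 0)
                throw new ArgumentException("Unknown role(s): " + string.Join(", ", unknown));
            const string sql = "INSERT INTO dbo.AppUserRoles (WindowsAccount, RoleName) VALUES (@account, @role)";
            using (var conn = new SqlConnection(ConnectionString))
            {
                conn.Open();
                foreach (var user in usernames)
                    foreach (var role in roleNames)
                        using (var cmd = new SqlCommand(sql, conn))
                        {
                            cmd.Parameters.AddWithValue("@account", user);
                            cmd.Parameters.AddWithValue("@role", role);
                            cmd.ExecuteNonQuery();
                        }
            }
        }

        // The role set is fixed and nothing in the app needs these, so the remaining
        // abstract members are deliberately unsupported rather than silently ignored.
        public override string[] GetAllRoles() { return (string[])AllowedRoles.Clone(); }
        public override void CreateRole(string roleName) { throw new NotSupportedException(); }
        public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) { throw new NotSupportedException(); }
        public override string[] FindUsersInRole(string roleName, string usernameToMatch) { throw new NotSupportedException(); }
        public override string[] GetUsersInRole(string roleName) { throw new NotSupportedException(); }
        public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) { throw new NotSupportedException(); }
    }

    // Every action here requires the Admin role; a Member is refused (401) before any action runs.
    [Authorize(Roles = "Admin")]
    public class AdminController : Controller
    {
        public ActionResult Index() { return View(); }

        // Admin assigns an existing Windows account (DOMAIN\user) to Admin or Member.
        [HttpPost, ValidateAntiForgeryToken]
        public ActionResult AssignRole(string windowsAccount, string role)
        {
            if (string.IsNullOrWhiteSpace(windowsAccount) || !Roles.RoleExists(role))
                return new HttpStatusCodeResult(400, "Unknown account or role");
            Roles.AddUserToRole(windowsAccount, role); // dispatches to the provider above
            return RedirectToAction("Index");
        }
    }
}
```

To make this take effect, web.config needs `<authentication mode="Windows" />`, `<authorization><deny users="?" /></authorization>` (only logged-in Windows users reach the site at all), and a `<roleManager enabled="true" defaultProvider="SqlWindowsRoleProvider">` element whose `<providers>` list adds `name="SqlWindowsRoleProvider" type="IntranetApp.Security.SqlWindowsRoleProvider"`. With the role manager enabled, the request's principal wraps the WindowsIdentity, so the existing `@if (User.IsInRole("Admin"))` check in the Home view and `[Authorize(Roles = "Admin")]` on the controller both go through the provider without further changes. `[Authorize]` with no arguments means any authenticated user; `Roles = "Admin"` or `Roles = "Admin,Member"` restricts to those roles; `Users = @"DOMAIN\jill"` restricts by account name.

On the "two sets of authentication" question: the SQL connection above runs as the IIS application pool identity (with `Integrated Security=SSPI` in the connection string), so in SQL Server you grant that one account the least permissions the application needs (here SELECT and INSERT on dbo.AppUserRoles plus whatever the app's own tables require), and the Member-versus-Admin restrictions on which tables John may touch are enforced by the application's role checks rather than by giving each Windows user their own SQL login. Pushing per-user permissions down to SQL Server instead would mean impersonating each caller on every connection (Kerberos delegation), which is a separate and considerably heavier setup. If the two roles already correspond to Active Directory groups, the table can be dropped entirely: with Windows authentication and no custom provider, `[Authorize(Roles = @"DOMAIN\IntranetAdmins")]` checks Windows group membership directly.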