I am looking for a NuGet package that provides functionality similar to the CanCan gem in Rails (https://github.com/ryanb/cancan).
Does anyone know a plugin that provides similar functionality? Or a simple way to implement this?
Thanks
I ended up looking at http://www.develop.com/wifclaimsbasedauthorizationone. It does very much as CanCan does.
For example:
    ClaimsPrincipalPermission.CheckAccess("Customer", "Add");
would check whether the user had permission to add customers.
We are testing http://thinktecture.github.com/Thinktecture.IdentityModel.45/
Basically, claims-based authorization for .NET.
With MVC5 and One ASP.NET, claims are baked right into the core of .NET.
After a long long search I found these essays useful:
http://msdn.microsoft.com/en-us/library/ff359101.aspx
http://www.codeproject.com/Articles/639458/Claims-Based-Authentication-and-Authorization
http://www.codetails.com/punitganshani/using-claims-identity-with-simplemembership-in-asp-net-mvc/20130525
http://leastprivilege.com/
http://www.postsharp.net/aspects/examples/security
UPDATE
Latest from Microsoft, introduced in the 2013 release: http://blogs.msdn.com/b/webdev/archive/2013/06/27/introducing-asp-net-identity-membership-system-for-asp-net-applications.aspx
Samples:
https://stackoverflow.com/a/18751036/316343
https://github.com/rustd/AspnetIdentitySample
http://msdn.microsoft.com/en-us/library/hh377151.aspx
I prefer the one used in the CodeProject tutorial, which is based on frameworks from the Thinktecture guys; source code is available at:
https://github.com/brockallen/BrockAllen.MembershipReboot
https://github.com/thinktecture/Thinktecture.IdentityModel.45
Just remember that the CodeProject article is outdated from the persistence point of view.
Now MembershipReboot supports EntityFramework, MongoDB and RavenDB as data stores.
Recently, I was searching for something about activity-based authorization and I found an interesting tutorial on how to implement it: https://mkarczewski.wordpress.com/2013/10/21/activity-based-authorization-in-modular-systems/
I also found this library, and it seems very cool! This is something I was hoping to find. https://github.com/michelgrootjans/CanI/blob/master/README.md
In .NET you should be using Membership Provider and Authorize attributes.
Check out this page in the ASP.NET Core documentation. It's somewhat similar to what CanCan does.
You write an Authorization Handler like so:
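    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authorization;
    using Microsoft.AspNetCore.Authorization.Infrastructure;

    public class DocumentAuthorizationHandler :
        AuthorizationHandler<OperationAuthorizationRequirement, Document>
    {
        // The base method is protected; an override cannot widen it to public.
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
                                                       OperationAuthorizationRequirement requirement,
                                                       Document resource)
        {
            // Validate the operation using the resource, the identity and
            // the Name property value from the requirement.
            // Call context.Succeed(requirement) when the check passes.
            return Task.CompletedTask;
        }
    }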
Now you can use the following code in your controllers:
    if (await authorizationService.AuthorizeAsync(User, document, Operations.Read))
    {
        return View(document);
    }
    else
    {
        return new ChallengeResult();
    }
or in your views:
    @if (await AuthorizationService.AuthorizeAsync(User, Model, Operations.Edit))
    {
        <p><a class="btn btn-default" role="button"
            href="@Url.Action("Edit", "Document", new { id = Model.Id })">Edit</a></p>
    }
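A filled-in version of the handler sketched in the answer above, as an added example (not code from the answer or from the ASP.NET Core documentation). It defines the `Operations` class the snippets rely on and applies a default-deny rule. The `Document.OwnerId` property, the `AuthorizationSetup` helper and the use of the `NameIdentifier` claim as the user id are assumptions.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Infrastructure;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical resource type; OwnerId is an assumed property.
public class Document
{
    public int Id { get; set; }
    public string OwnerId { get; set; }
}

// Named operations, the counterpart of CanCan's :read / :update actions.
public static class Operations
{
    public static readonly OperationAuthorizationRequirement Read =
        new OperationAuthorizationRequirement { Name = nameof(Read) };
    public static readonly OperationAuthorizationRequirement Edit =
        new OperationAuthorizationRequirement { Name = nameof(Edit) };
}

public class DocumentAuthorizationHandler :
    AuthorizationHandler<OperationAuthorizationRequirement, Document>
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
        OperationAuthorizationRequirement requirement, Document resource)
    {
        // Assumption: the user id is carried in the NameIdentifier claim.
        var userId = context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        var authenticated = context.User.Identity?.IsAuthenticated == true;

        // Default deny: Succeed is called only for an explicitly allowed case.
        if (requirement.Name == Operations.Read.Name && authenticated)
            context.Succeed(requirement);
        else if (requirement.Name == Operations.Edit.Name
                 && userId != null && userId == resource.OwnerId)
            context.Succeed(requirement);

        return Task.CompletedTask;
    }
}

public static class AuthorizationSetup
{
    // Call from Startup.ConfigureServices so IAuthorizationService finds the handler.
    public static void AddDocumentAuthorization(this IServiceCollection services) =>
        services.AddSingleton<IAuthorizationHandler, DocumentAuthorizationHandler>();
}
```

On ASP.NET Core 2.0 and later, `AuthorizeAsync` returns an `AuthorizationResult` rather than a `bool`, so the controller and view checks test its `Succeeded` property.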