Currently I’m developing an ASP.NET MVC 5 application with an MS SQL Server database. I need to implement authentication and authorization based on ASP.NET Identity 2.0. I just went through the basic concepts of Identity and tried to implement the same in my application. Since the database is already defined, I need to customize Identity a little bit. When I looked at the database, the tables are a little bit different from what I normally find in sample Identity projects.
From the image you can see that there is a table named User Group with a defined set of rights for them based on module. The same rights will be accessible to the user by default. If you want to change any rights, you can override them by setting permissions in the User Rights table.
So my first question is: is ASP.NET Identity with Custom Authorization and Authorization the right method to implement a scenario like this?
From the view perspective, I have to generate a menu based on user / user group rights and also want to enable / disable buttons based on them. I was able to generate the menu based on database values. But I need to authorize each and every client request, and for that I think AuthorizeAttribute is the best option. Please suggest. Any good design patterns or posts are appreciated.
Sure, Identity is so powerful and flexible that you can customize it. Use your user right as a claim, then write a customized AuthorizeAttribute to check the claims. For example, consider this code:
And write the claim-based authorize attribute:
At the end you just need to add your attribute to your actions:
I omitted the user group to simplify the example, and I also hardcoded some parts, which you need to write a provider to fetch from the DB.
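One way to write the claim-checking attribute described in the answer above, as an added example that is not part of the original answer or the answerer's code. The claim type `urn:app:right`, the `Module.Action` value format, and the names `AppClaimTypes`, `ClaimsAuthorizeAttribute` and `InvoiceController` are assumptions of this example; it also assumes the effective rights (User Group defaults with User Rights overrides applied) were added as claims when the identity was built at sign-in.

```csharp
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;

// Hypothetical claim type used for rights; the name is an assumption of this example.
public static class AppClaimTypes
{
    public const string Right = "urn:app:right";
}

// Allows a request only if the signed-in user carries the claim
// (AppClaimTypes.Right, "<Module>.<Action>"), for example "Invoice.Edit".
public class ClaimsAuthorizeAttribute : AuthorizeAttribute
{
    private readonly string _right;

    public ClaimsAuthorizeAttribute(string module, string action)
    {
        _right = module + "." + action;
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Base check first: rejects anonymous users and honours Users/Roles if set.
        if (!base.AuthorizeCore(httpContext)) return false;

        var identity = httpContext.User.Identity as ClaimsIdentity;
        return identity != null && identity.HasClaim(AppClaimTypes.Right, _right);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Authenticated but missing the right: answer 403 instead of the default 401,
        // which cookie authentication would turn into a redirect to the login page.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}

// Usage on an action (hypothetical controller). Hiding a menu entry or button
// in the view does not replace this server-side check.
public class InvoiceController : Controller
{
    [ClaimsAuthorize("Invoice", "Edit")]
    public ActionResult Edit(int id) { return View(); }
}
```

Because the claims are serialized into the authentication cookie, a change in the User Rights table takes effect only when the identity is regenerated, for example at the next sign-in or when security-stamp validation rebuilds it.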