In ASP.NET MVC Identity, the relation data for users and roles is saved in the AspNetUserRoles table. This table has 2 fields: UserId, RoleId. I want to add other fields to this table, such as a department field.
So if a user logs in to different departments, he will have different roles. Does anyone know how to do it? Thanks in advance!
I suggest you investigate ASP.NET user claims. You can assign different claims to a user with the identity manager, and based on the claim type of the user you allow him access or not. Create a custom claims attribute which will be placed on top of the various controllers to authenticate the user. This must be implemented based on your needs. The custom attribute will then fire before the controller gets executed, and if the user is allowed he will pass; else return to an error page of your choice.
Sample attribute usage

    [ClaimsAuthorize(ClaimsData.EditAddress)]
    public ActionResult CitiesPartial()

Attribute authentication

    using System.Security.Claims;
    using System.Web;
    using System.Web.Mvc;
    using System.Web.Routing;

    public class ClaimsAuthorizeAttribute : AuthorizeAttribute
    {
        private readonly string _claimType;

        public ClaimsAuthorizeAttribute(string type)
        {
            _claimType = type;
        }

        // Runs before the action: continue only if the user holds the claim with value "true".
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            var user = (ClaimsPrincipal)HttpContext.Current.User;
            if (user.HasClaim(_claimType, "true"))
            {
                base.OnAuthorization(filterContext);
            }
            else
            {
                HandleUnauthorizedRequest(filterContext, _claimType + " not allowed ");
            }
        }

        // Redirects to Home/ClaimNotAuthorized and passes the message along.
        protected void HandleUnauthorizedRequest(AuthorizationContext filterContext, string message)
        {
            filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary
                {
                    { "action", "ClaimNotAuthorized" },
                    { "controller", "Home" },
                    { "errorMessage", message }
                });
        }

        // Helper for checking a claim outside of the attribute, e.g. in a view.
        public static bool AuthorizedFor(string claimType)
        {
            var user = (ClaimsPrincipal)HttpContext.Current.User;
            return user.HasClaim(claimType, "true");
        }
    }

Hope this helps.
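For the department-specific roles asked about in the question, the claims approach from the answer can store one claim per department and role pair and check it with a check that denies by default. The following is an added example, not code from the original post; the claim type `urn:example:department-role`, the `Department:Role` value format and the `DepartmentRoles` helper are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class DepartmentRoles
{
    // Hypothetical claim type; the "<department>:<role>" value format is an assumption.
    public const string ClaimType = "urn:example:department-role";

    public static Claim Create(string department, string role)
    {
        // Reject the separator so "A:B" + "C" can never be confused with "A" + "B:C".
        if (string.IsNullOrWhiteSpace(department) || department.Contains(":"))
            throw new ArgumentException("Invalid department name.", nameof(department));
        if (string.IsNullOrWhiteSpace(role) || role.Contains(":"))
            throw new ArgumentException("Invalid role name.", nameof(role));
        return new Claim(ClaimType, department + ":" + role);
    }

    // Fails closed: a null or unauthenticated principal is never authorized.
    public static bool IsInRole(ClaimsPrincipal user, string department, string role)
    {
        if (user?.Identity == null || !user.Identity.IsAuthenticated) return false;
        string expected = department + ":" + role;
        return user.Claims.Any(c => c.Type == ClaimType &&
            string.Equals(c.Value, expected, StringComparison.Ordinal));
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample user: Manager in Sales, Viewer in Finance.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "alice"),
            DepartmentRoles.Create("Sales", "Manager"),
            DepartmentRoles.Create("Finance", "Viewer")
        }, "ApplicationCookie"); // a non-empty authentication type marks the identity as authenticated
        var user = new ClaimsPrincipal(identity);
        var anonymous = new ClaimsPrincipal(new ClaimsIdentity());

        Console.WriteLine(DepartmentRoles.IsInRole(user, "Sales", "Manager"));
        Console.WriteLine(DepartmentRoles.IsInRole(user, "Finance", "Manager"));
        Console.WriteLine(DepartmentRoles.IsInRole(anonymous, "Sales", "Manager"));
    }
}
```

The department passed to `IsInRole` only selects which claim to look for; access is granted solely by claims already attached to the signed-in user on the server, so a department name supplied in a request cannot add a role by itself.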