Home/ Questions/Q 6804547
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T19:28:46+00:00

I have a simple ASP.NET MVC 3 application. I have the database I designed

  • 0

I have a simple ASP.NET MVC 3 application. I have the database I designed for the application, which corresponds to a domain model (in an App.Domain assembly).
I auto-generated the Application Services Membership tables and added them to the application database. Membership creation is working fine.
I created a ‘Permission’ table which has a composite PK made up of UserId (from the auto-generated aspnet_Users table) and ContentId (from the Content table holding the application content).
The idea is to allow users to allocate permissions to other users for the content they create.
My plan is to then place logic in the Controllers that goes something like:
Collapse | Copy Code

Guid currentUser = (Guid)Membership.GetUser().ProviderUserKey;
int[] accessible = (from p in context.Permissions
                         where p.UserId == currentUser
                         select p.ContentId).toArray();

Then to get the content for the current user, something like this:
Collapse | Copy Code

IEnumerable<content> content = context.Content
            .Where(x => x.PublicAccess < 3 
            || accessible.Contains(x.ContentId));</content>

If I have made any sense, can anyone tell me if this is a normal way to handle user defined permissions.
Also, this code doesn’t work because it won’t cast the linq to an int[]. Any help with that?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Typically permissions are handled by the role subystem. You do something like this:

    if (User.IsInRole("RoleName")) {
   DoWhateverTheUserIsAllowedToDo();
}

    You can combine this with dynamically assigned content permissions by looking up what roles or users are assigned to the content, and checking if the user is in that role, or if the users is specifically allowed.

    Role based permission scales better than assigning users to specific pages. As the number of pages grow, assigning users to pages becomes a nightmare. So you typically assign roles to pages, then assign users to roles.

    Your code seems to want to do a lot of work, returning lots of different content items. Typically, you know what item you want to control access to. So you might do something like:

    var roles = Roles.GetRolesForUser()
var content = from p in context.Permissions where p.ContentID == contentID 
                      && roles.Any(x => p.Roles.Contains(x)) select p;

    But, there are so many ways to do this, you will have decide what works best for you.

    I don’t understand your last bit about not casting to an int[]. I assume .toArray() is a typo, it should be .ToArray(). And if ContentID is an int, .ToArray should create an int[].

    • 0