I’m building an web application that I want users to have specific permissions to perform a specific action. I don’t want to use the default permission and role providers in ASP.NET.
I was thinking of having each User associated with a Role. Each Role is mapped to a set of Permissions (CreatePost, ReadPost, UpdatePost, DeletePost and so on).
I have a couple of questions regarding this. Would it be best to have a boolean property for each Permission on the role or some sort of bitfield? I like the idea of having methods for this but properly need to map these to the permissions stored for the role in the database.
Also, how would I implement this for each action/request? I’m thinking something along the lines of what was posted here but I’m not really sure.
Thanks!
Make your own role provider and register it in the web.config. Look at the MSDN for a sample. Once it is registered it will associate the roles you provide with the principal.
I’ve just done that for one of my project and it works fine.
To check whether the user has permission to execute a task you’ll have to see whether the user is in the required role. In “normal” ASP.NET you will have to do this in code. In MVC you can do that with attributes on each class/method in the controller.