Home/ Questions/Q 7932295
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-03T20:58:22+00:00

I’m developing some website which is a kind of online workplace, there will be

  • 0

I’m developing some website which is a kind of online workplace, there will be some users and some ongoing computer programming projects, and each user can have multiple roles, for example one particular user can be a project manager for an project and a developer for another project. naturally the project manager has more authority than the developer in the project. my question is how to manage this in my code neatly? I was going to use my custom Role Provider and use the Authorize attribute with this, but it’s not sufficient , since I’d need the project Id plus the user Id to find the role of user in an specific project.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    First all you will have to create additional tables for your extended role management like projects and there relationship with the users in context of operations, which might be your controller's actions.

    One way of doing is to create your own table for roles. In that case you will only use only Asp net membership users, but it all depends your requirements.

    Secondly you have to handle it in MVC, In my opinion the best way is to implement it through your own custom Authorization attribute, and decorate your controller’s actions with your custom authorization attribute instead of [Authorization] attribute.

    Its very simple.

    [CustomAuthorize]
//[Authorize]
public ActionResult GetProjectTasks(string projectname)
{

}

    For that you have to inherent your class from FilterAttribute and also have to implement IAuthorizationFilter interface. 

     public void OnAuthorization(AuthorizationContext filterContext)
    {
        HttpCookie authCookie = filterContext.HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName];

        if (authCookie != null)
        {
            FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
            var identity = new GenericIdentity(authTicket.Name, "Forms");
            var principal = new GenericPrincipal(identity, new string[] { authTicket.UserData });
            filterContext.HttpContext.User = principal;
        }

        var controller = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
        var action = filterContext.ActionDescriptor.ActionName;
        var user = filterContext.HttpContext.User;
        var ip = filterContext.HttpContext.Request.UserHostAddress;

        var isAccessAllowed = CustomAuthenticationLogic.IsAccessAllowed(controller, action, user, ip);
        if (!isAccessAllowed)
        {
            // Code if user is authenticated
            FormsAuthentication.RedirectToLoginPage();
        }            
    }

    In the method OnAuthorization, you can get all the information which you might be require in your custom authorization logic like HttpContext, Controller name, Action name. You have to just call your custom authentication logic from this method.
    Your custom authentication logic might look like the following.

     public class CustomAuthenticationLogic
{
    public static bool IsAccessAllowed(string controller, string action, IPrincipal user, string ip)
    {
        //
        // Your custom logic here              
        //              
    }
}
    • 0