We are building a multi-tenant website in ASP.NET, and we must let each customer configure their own security model. They must be able to define their own roles, and put users in those roles. What is the best way to do this?
There are tons of simple examples of page_load events that have code like:
if (!user.InGroup("Admin")) Response.Redirect("/NoAccess.aspx");
But that hard codes the groups and permissions in the code. How can I make it user configurable?
Perhaps put the configurable roles in a DB table, where you store the roles and tenant, and then the PagePermissions in another table, for example:
Then, in the page load, check whether the user is in a RoleId that has permissions for that page, for example:
If there are no rows returned then deny the user.
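One way to lay out the tables and the page-load query described in the answer above, written in T-SQL as an added example that is not part of the original answer. Every table and column name other than PagePermissions and RoleId is an assumption, and the sample rows are constructed.

```sql
-- Assumed schema: names other than PagePermissions and RoleId are hypothetical.
CREATE TABLE Roles (
    RoleId   INT          NOT NULL PRIMARY KEY,
    TenantId INT          NOT NULL,
    Name     VARCHAR(100) NOT NULL,
    UNIQUE (TenantId, Name),      -- each tenant names its own roles
    UNIQUE (TenantId, RoleId)     -- target for the composite foreign keys below
);

CREATE TABLE UserRoles (
    TenantId INT NOT NULL,
    UserId   INT NOT NULL,
    RoleId   INT NOT NULL,
    PRIMARY KEY (TenantId, UserId, RoleId),
    -- Composite key: a user can only be given a role owned by the same tenant.
    FOREIGN KEY (TenantId, RoleId) REFERENCES Roles (TenantId, RoleId)
);

CREATE TABLE PagePermissions (
    TenantId INT          NOT NULL,
    RoleId   INT          NOT NULL,
    PagePath VARCHAR(400) NOT NULL,
    PRIMARY KEY (TenantId, RoleId, PagePath),
    -- Composite key: a page grant can only name a role owned by the same tenant.
    FOREIGN KEY (TenantId, RoleId) REFERENCES Roles (TenantId, RoleId)
);

-- Constructed sample data: two tenants that both define a role named 'Admin'.
INSERT INTO Roles VALUES (1, 10, 'Admin'), (2, 20, 'Admin'), (3, 20, 'Viewer');
INSERT INTO UserRoles VALUES (10, 100, 1), (20, 200, 3);
INSERT INTO PagePermissions VALUES (10, 1, '/Reports.aspx'), (20, 2, '/Reports.aspx');

-- Page-load check. @TenantId and @UserId come from the authenticated session,
-- @PagePath from the server-side request path; bind all three as parameters
-- instead of concatenating them into the SQL text.
SELECT pp.RoleId
FROM UserRoles AS ur
JOIN PagePermissions AS pp
  ON pp.TenantId = ur.TenantId
 AND pp.RoleId   = ur.RoleId
WHERE ur.TenantId = @TenantId
  AND ur.UserId   = @UserId
  AND pp.PagePath = @PagePath;
-- No rows back means no grant exists for this user on this page: deny.
```

Filtering on TenantId in the query, and not on RoleId alone, keeps the check scoped to the caller's tenant even when two tenants use the same role name.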