MVC3 - Authentication for UserId

Question

TO BE CLEAR: I have two groups of users - GroupA - User1, User2 GroupB - User3, User4 Group A does TaskA and creates TaskA Object Group B does TaskB and creates TaskB Object Role based prevents GroupA from editing TaskB Object and vice versa

The ISSUE - User1 can still edit User2's TaskA Object

I have integrated SqlMembership into my custom database and in my custom tables I have a UserId field which maps to the GUID AspNet_UserId column in AspNet_User Table. A user can create a job, and it is associated with the user's AspNet_UserId.

My issue is I have Role based security but I also must set security so only only User with UserId can access edit view that has model data containing his UserId.

I have looked at this post - ASP.NET MVC 3 using Authentication

(BUT the first part of the answer with 29 upvotes seems incomplete)

Answer 1

The Solution -

I haven't implemented this yet but from what I see this is what I am looking for. I found it here: http://forums.asp.net/t/1771733.aspx/1?Display+a+specific+data+for+User

This will hopefully save me from having to look at WIF...

(Keeping my fingers crossed)

Employee Controller:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Mvc;
using System.Web.Security;

namespace UserDetails.Controllers
{
public class HomeController : Controller
{
    private readonly List<Employee> m_employees;

    public HomeController()
    {
        m_employees = new List<Employee>
                          {
                              new Employee
                                  {
                                      Id =  Guid.Parse("3aebbf53-3581-4822-bef4-c9701d927b93"),
                                      JobTitle = "Senior Developer",
                                      Manager = "Mr. Smith",
                                      Salary = 1500
                                  },
                                  
                                new Employee
                                    {
                                        Id= Guid.Parse("{3924afa7-d31b-4d30-b368-f825d4028779}"),
                                        JobTitle = "Lead Developer",
                                        Manager= "Mr. Doe",
                                        Salary = 2500
                                    }
                          };
    }

    public ActionResult Index()
    {
        if (User.Identity.IsAuthenticated)
        {
            MembershipUser currentUser = Membership.GetUser(User.Identity.Name, true /* userIsOnline */);
            
            if (currentUser != null && currentUser.ProviderUserKey != null && currentUser.IsApproved)
            {
                var currentUserId = (Guid)currentUser.ProviderUserKey;

                Employee result = (from employee in m_employees
                                   where employee.Id == currentUserId
                                   select employee).FirstOrDefault();

                return View(result);
            }
        }

        return View();
    }

    public ActionResult About()
    {
        return View();
    }
}

public class Employee
{
    public Guid Id { get; set; }
    public string JobTitle { get; set; }
    public string Manager { get; set; }
    public int Salary { get; set; }
}
}

Index View

@{
    ViewBag.Title = "Home Page";
}

@model UserDetails.Controllers.Employee
       
<p>

@if (Model != null && User.Identity.IsAuthenticated)
{
    <label>Your name is: </label>@User.Identity.Name <br/>
    <label>Your Job Title is: </label>@Model.JobTitle<br/>
    <label>Your Manager is: </label>@Model.Manager<br/>
    <label>And you earn way too less money: &euro;</label> @Model.Salary
}