Allow users to grant permissions to other users for their account in ASP.NET Identity 2.0

Question

Let's assume I have my ASP.NET MVC 5 application (using Identity 2.0) where users are allowed to register. When a user register (Mr. X) he is added automatically to role User. Now I would like that user to be able to add/grant access to other users and those users to be able to login and see the same resources/data as Mr. X. Mr. X should be able to manage all the users he/she adds to the application. For the whole application Mr. X is just a normal user, but he acts as an Admin for the users he adds.

Can somebody explain how this can be achieved? Basically: - an user should be able to invite other users - the invited users should be managed by the user whom invited them - all new users should see everything what the original user (who invited them) sees

This should work basically like permissions work in SharePoint or Groups in LinkedIn

Answer 1

AS per your requirement it seems like it's kind of CRM application with user segregation and management.

You Need to have a proper Role/Person Management for this:

Query

Now I would like that user to be able to add/grant access to other users and those users to be able to login and see the same resources/data as Mr. X.

Solution

Create a Table UserManagement Like:

ID    UserId                AddedByPersonId
1     1024(New User)        1011(Mr. X ID)
2     1025(New User)        1011(Mr. X ID)

So When a New User registers or is added

The UserManagement Table will be updated

In this way Mr. X will have control over all the users whom he has added or Invited.

Hope it Helps.

Thanks,

Answer 2

You can try creating a new role for each user. You can probably just name the role using the UserId, and then add users that he grants to that role so you have a way to track this hierarchy. The rough idea seems doable...