Phill Greggan

Reputation: 2394

How do I set authorized access to action methods based on DB tables?

I have a mst_roles table in the DB with the following structure:

id  RoleName
1    Admin
2    Manager
3    Operator

The mst_users table is like this:

id   username password RoleId
1     bob      123      2
2     rick     777      3

In my MVC I have a controller Orders with two action methods:

public ActionResult TakeOrder()
{
    // body omitted in the question
    return View();
}

public ActionResult StopAllTransactions()
{
    // body omitted in the question
    return View();
}

How do I let only the Manager role access StopAllTransactions() and give the Operator access to TakeOrder()?

Upvotes: 0

Views: 166

Answers (1)

Deepak Kushvah

Reputation: 278

Action method:

[AuthorizeDBRoleAttribute(Roles = "Role1,Role2")]
public ActionResult Welcome()
{
  return View();
}

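Custom class:

using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;

public class AuthorizeDBRoleAttribute : AuthorizeAttribute
{
    // Roles (comma-separated) is inherited from AuthorizeAttribute; redeclaring it hides the base property.

    protected override bool AuthorizeCore(HttpContextBase httpContextBase)
    {
        // Reject anonymous requests before any role lookup.
        if (httpContextBase.User == null || !httpContextBase.User.Identity.IsAuthenticated)
            return false;

        // Bind user roles from the database here
        string userRoles = "Role1,Role2,Role3";

        // Compare whole role names. A substring test (IndexOf) depends on list order
        // and would let a required role "Admin" match a held role "Administrator".
        var separators = new[] { ',' };
        var allowed = Roles.Split(separators, StringSplitOptions.RemoveEmptyEntries).Select(r => r.Trim());
        var held = userRoles.Split(separators, StringSplitOptions.RemoveEmptyEntries).Select(r => r.Trim());

        return allowed.Intersect(held, StringComparer.OrdinalIgnoreCase).Any();
    }
}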

Upvotes: 2
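
The answer's approach wired to the question's tables, as an added example that is not part of the original answer: the attribute reads the caller's role by joining mst_users to mst_roles with a parameterized query and compares whole role names. The class name DbRoleAuthorizeAttribute, the connection string name "AppDb", and the premise that User.Identity.Name holds mst_users.username are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Added example (hypothetical class name): role check backed by mst_users/mst_roles.
public class DbRoleAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var user = httpContext.User;
        if (user == null || !user.Identity.IsAuthenticated)
            return false;                       // anonymous callers never pass

        string role = LookupRole(user.Identity.Name);
        if (role == null) return false;         // unknown user: deny by default

        // Exact, case-insensitive match against each name in Roles.
        return Roles.Split(',')
                    .Select(r => r.Trim())
                    .Any(r => r.Equals(role, StringComparison.OrdinalIgnoreCase));
    }

    // Assumption: web.config defines a connection string named "AppDb".
    private static string LookupRole(string username)
    {
        const string sql =
            "SELECT r.RoleName FROM mst_users u " +
            "JOIN mst_roles r ON r.id = u.RoleId WHERE u.username = @username";
        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.AddWithValue("@username", username); // never concatenate input
            conn.Open();
            return cmd.ExecuteScalar() as string;               // null when no row matches
        }
    }
}

public class OrdersController : Controller
{
    [DbRoleAuthorize(Roles = "Operator")]
    public ActionResult TakeOrder() { return View(); }

    [DbRoleAuthorize(Roles = "Manager")]
    public ActionResult StopAllTransactions() { return View(); }
}
```

Because AuthorizeCore runs on every request, a RoleId change in mst_users takes effect on the user's next request without a new login.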
