Reputation: 122
What is the best way to implement customized authorization in MVC5?
I am working on an MVC5 application. In my application, I have two tables named employee and the department. My question is how can I provide customized authorization at the department and the employee level in MVC?
For example, there is a from to create a new employee. What I want to do is, only the user from human resource department or the user having 'create new employee' rights(it is not mandatory for the user to be from the human resource department), should be able to access the form.
If it was a webpage application, I would be doing something like creating a user rights table having both department id and the employee/user id fields with other fields (like create new employee, view employee list, create new department) for storing their access rights and then check their values for the logged in user while accessing those pages.
As I am new to MVC, I am looking for some suggestions for the best way to implement this. Any good ideas/suggestions are welcome!
Upvotes: 0
Views: 94
Answers (1)
Reputation: 7791
If you used default template for your MVC5 project, you already have most of what you need. The ASP.NET Identity set of features is your entry point. Look into the IdentityRole as a base for managing your app's roles, IdentityUser, IdentityUserRole and IdentityUserClaim for your authorization tasks.
Upvotes: 2
Related Questions
- What is the difference between a field and a property?
- What are the correct version numbers for C#?
- What is the best way to give a C# auto-property an initial value?
- What is the difference between String and string in C#?
- What does the [Flags] Enum Attribute mean in C#?
- What is the yield keyword used for in C#?
- Best way to repeat a character in C#
- How to render an ASP.NET MVC view as a string?
- What is the difference between const and readonly in C#?
- Best way to get application folder path