Vinicius Gonçalves

Reputation: 2724

ASP.NET Identity - Simplified

Existing database model (simplified):


MSDN says:

When an identity is created it may be assigned one or more claims issued by a trusted party. A claim is a name value pair that represents what the subject is, not what the subject can do.

It does not seem like a good idea to store AccessItems as UserClaims,

e.g.:

But on the other hand, I can't think of another way to do that.

After searching a lot, I can't think of how to represent this model using roles or claims in ASP.NET Identity.

Why?

ASP.NET Identity seems beautiful to me; I'm trying to understand it better now.

Sorry if I couldn't express my question in a clear way; please tell me about any doubts.

Upvotes: 2

Views: 199

Answers (1)

Enoch Olaoye

Reputation: 154

I think you are on the right track. I have a lot of experience representing User Roles like this, and my personal preference (I deal mostly with large enterprise projects) is to use ASP.NET Identity for authentication and handle the access control with custom code.

For smaller projects I believe you can customize the IsUserInRole method like I have done below.

using System.Collections.Generic;
using System.Linq;
using System.Web.Security;

public class CustomRoleProvider : RoleProvider
{
    /// <summary>
    /// Gets a list of roles assigned to a particular User
    /// </summary>
    /// <param name="UserID">ID of the User</param>
    /// <param name="context">DbContext</param>
    /// <returns></returns>
    public static List<string> GetUserRoles(int UserID, UserContext context)
    {
        return context.UserList
                      .Where(s => s.UserID == UserID)
                      .SelectMany(s => s.AccessGroup.GroupRoles)
                      .Select(gr => gr.RoleID.ToString()).ToList();
    }

    /// <summary>
    /// Gets a list of roles assigned to a particular user
    /// </summary>
    /// <param name="username">username of the user [or "" for current user]</param>
    /// <param name="context">DbContext</param>
    /// <returns></returns>
    public static List<string> GetUserRoles(string username, UserContext context)
    {
        return context.UserList
                      .Where(s => s.Username == username)
                      .SelectMany(s => s.AccessGroup.GroupRoles)
                      .Select(gr => gr.RoleID.ToString()).ToList();
    }

    //roleName = RoleId; so that only the IDs are stored in session...
    public override bool IsUserInRole(string username, string roleName)
    {
        return GetUserRoles(username, new UserContext()).Contains<string>(roleName);
    }

    public override string[] GetRolesForUser(string username)
    {
        return GetUserRoles(username, new UserContext()).ToArray();
    }

    public override string[] GetAllRoles()
    {
        return new UserContext().UserRoleList.Select(r => r.RoleID.ToString()).ToArray();
    }

    public override bool RoleExists(string roleName)
    {
        return new UserContext().UserRoleList.Where(r => r.RoleID.ToString().Equals(roleName)).Count() > 0;
    }

    public override string ApplicationName
    {
        get { return "Your Application Name"; }
        set { }
    }

    public override string[] GetUsersInRole(string roleName)
    {
        throw new System.NotImplementedException();
    }

    public override string[] FindUsersInRole(string roleName, string usernameToMatch)
    {
        throw new System.NotImplementedException();
    }

    public override void AddUsersToRoles(string[] usernames, string[] roleNames)
    {
        throw new System.NotImplementedException();
    }

    public override void CreateRole(string roleName)
    {
        throw new System.NotImplementedException();
    }

    public override bool DeleteRole(string roleName, bool throwOnPopulatedRole)
    {
        throw new System.NotImplementedException();
    }

    public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames)
    {
        throw new System.NotImplementedException();
    }
}

Upvotes: 2
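
An added example, not part of the answer above or of ASP.NET itself: one way to do the access check "with custom code" in MVC 5, as an AuthorizeAttribute that looks up the role ID in the database on each request. It reuses the answer's CustomRoleProvider.GetUserRoles and UserContext, and assumes that UserContext is a disposable DbContext and that User.Identity.Name matches the Username column; RequireRoleIdAttribute and the role ID 3 are hypothetical.

```csharp
using System;
using System.Net;
using System.Web;
using System.Web.Mvc;

// Hypothetical attribute (added example). Usage on a controller or action:
//     [RequireRoleId(3)]   // 3 is a constructed RoleID
public class RequireRoleIdAttribute : AuthorizeAttribute
{
    private readonly string _roleId;

    public RequireRoleIdAttribute(int roleId)
    {
        // GetUserRoles returns RoleID values as strings, so compare as strings.
        _roleId = roleId.ToString();
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");

        var user = httpContext.User;
        if (user == null || !user.Identity.IsAuthenticated)
            return false; // deny by default: anonymous callers never reach the lookup

        // Assumption: UserContext derives from DbContext and can be disposed.
        // Querying per request means a removed group role takes effect
        // immediately instead of living on in a cookie or session.
        using (var db = new UserContext())
        {
            return CustomRoleProvider.GetUserRoles(user.Identity.Name, db)
                                     .Contains(_roleId);
        }
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // A signed-in user who lacks the role gets 403. The default 401 would
        // send them back to the login page, which cannot fix a missing role.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}
```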
