I'm creating a system using Asp.Net MVC, but before I start to develop I need to define the security policy. I thought to create it by profile where each profile will have permissions to access, for example: Profile Administrative (all permissions), Profile Common (restrict access), Profile Manager (with some permissions of profile Administrative).
I thought to create a Profile with Permissions by Method's Name or Controllers and give permissions as boolean true/false, example: The method addNewProduct()
, whether this method only works to Profile Administrative/Manager I will give permissions only for them, however, I don't know how could I do to get the Controller or Method's name to give these permissions.
Example:
Profiles
Administrative | Common | Manager
[x]addNewProduct | []addNewProduct | [x]addNewProduct
How could I do this ? Any suggestion ?
What you are looking for is not profiles but roles , and the technique is called Role-Based Authorization .
In ASP.NET MVC, you can use it like this:
[Authorize] //ensure a user is signed-in
public class MyController : Controller
{
[Authorize(Roles = "Administrative,Manager")] // ensure the user is signed in and belongs in one of the roles
public ActionResult DoSomething()
{
return View();
}
}
Here, if, for example, Windows Authentication
was enabled, the Authorize
attribute would look for the user's Groups
in Active Directory
to confirm whether the user belong to one of those groups or not.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.