Implementing fine-grained runtime permissions in asp.net Membership?
Question
Is there a preferred way of doing fine grained access that can be modified during runtime?
ASP.net membership doesn't seem to support this. I thought of creating constant invisible subroles so that there would be a set of hidden roles like "_CanEditContent" and "_CanDeleteOthersContent". The check would be [Authorize(Roles = SubRoles.CanEditUser)] which would check that the user is in a role that has _CanEditUser role. The problem there is of how to assign roles to other roles so that when we create a new role like "UserAdmin" how could we assign "_CanEditUser" role to that new role? That seems impossible.
What I need to do is to be able to create roles during runtime and add custom permissions for new or existing roles I would do the checks with something like [Authorize] and custom checks for AJAX methods. How would I achieve this?
1 answers
solution1
0 ACCPTED 2012-08-09 06:46:30
Indeed, asp.net membership does not support this. You'll have to rollout your own mechanism with your own authorization attributes, which will use information about user (or role) permissions.
You can use asp.net membership for role management, and then assign permissions to roles whichever way you want, for example, database.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.