Geek Answers Handbook

Permissions for roles in .NET.

I use standard tables and .NET database code for .NET, with .NET 4.0, C #, and MVC 3.

Basically, I want to have roles (which are included in the structure), and then be able to assign permissions for these roles (which, as far as I know, are not included).

So, I want to assign permissions for roles. A user as an accountant could not edit and delete employees, but a user as an administrator could. Since these permissions can change at any time, instead of checking User.IsInRole("Administrator") , I would like to do something like User.HasPermission("EditEmployee") .

Perhaps I could create some custom tables and the code itself, but I would prefer to use the .NET Framework if it is already built-in. Is there anything similar? If not, is there a library in which it does ?

+7
source share
3 answers

Perhaps you could just add another role for a user who can edit employees. Something like "CanEditEmployee" and then check if the user is in the role of "CanEditEmployee"? This is what I do when I need to do something like this.

+1
source

The built-in RoleProvider does not really offer a clean way to do this. In fact, the only way to do this with RoleProvider is to create roles like "Employees_CanEdit" and "Employees_CanAdd" etc. But then you will get a huge mess of roles floating around.

There are other ways to have permissions with your roles. You can create a table that binds the user, role ("Employees") and permission ("Add" or "Change"). Then you can implement something like:

 public bool HasPermission(string role, string permission) { // Some sql for accessing the table // return true if a row exists that matches the user, the role, and the permission }
+2
source

Usually, when I want to do something like this, I create sub-roles using the underscore character "_", the segmented extra permissions / capabilities provided by the subroutine.

Example:

Administrator Administrator_EditEmployee Administrator_EnableTasks etc ...

Then I parse the names on my control pages, so I get a beautifully formatted nested tree / drop down list, which I then assign to various users. Thus, you can continue to use the built-in security system without adding anything special to your control pages, except for any parsing logic.

+1
source

More articles:


All Articles