-2

I'm creating mvc4 application and I made a costume validation that hold (manager , Super admin,admin,user)roles ,I want to make the manager make permission for any user by picking or check mark on the page who is (super admin, admin, user) allowed to view it

I mean permission to view the page if the user is allowed to view it

Cœur
  • 37,241
  • 25
  • 195
  • 267
Sonic
  • 111
  • 1
  • 14
  • Without giving too much details, you will have to make a custom membership provider and implement it for your application – Anthony Nov 19 '13 at 13:17

1 Answers1

1

You cant validate users to view certain "View" and not hide some. It doesn't work that way. If you understand the fundamental concepts of MVC, The controller process the user information and return view to the user. So if you want to validate users for the view, you have to validate the controller on user access.

if you want only admin users to access "admin" pages, then validate the admin controller by checking the logged user role.

[Authorize(Roles = "Admin")]
public ActionResult AdminController()
{
    //Some process 
     return View(); //This returns admin view if user access this controller.
}


  [Authorize(Users = "someUser")]
  public ActionResult AdminProfile()
  {
    return View();
  }

Update

If you want to authorize one user with roles or simply multiple roles, Check this

A user may have multiple roles, so if you want to restrict "Admin" users between actions, make something like a user has both "Admin" and "Technician" roles where he can access technical segment of the Admin controllers. the above link will explain how to authorize with two roles for a action.

Community
  • 1
  • 1
Sakthivel
  • 1,890
  • 2
  • 21
  • 47
  • but what if i want to make something like control panal and i may create 2 admins but the first one allowed to see 3 views but the other allowed to see different 3 views or may be more ? – Sonic Nov 20 '13 at 09:13