0

In my ASP.NET MVC4 application, i am using Windows Authentication and want to restrict access of controller action methods for various roles. Something like:

[Authorize(Roles="Administrator")]
public ActionResult Index(){...}

Note: The user list and their corresponding roles are saved in the SQL Server database.

I dint find the perfect solution till now. All were with Forms Authentication. Please help in implementing this.

Shilpi Mishra
  • 13
  • 6
  • You can just apply this Filters...like ActionResults filters and they can authenticate if the user is valid then after Index Action will be call other wise they are not call. OnActionFilter gives us the appotinity to cancel the call... – Nayeem Mansoori Jul 08 '14 at 05:10

1 Answers1

0

I just implemented this service a few weeks ago, there are a few items you must look into before successfully implementing the roles service.

  1. Construct your database with aspnet_membership tables. Here is an article regarding the data structure overview. Article

  2. Configure your connection string to talk to your data base and allow such authorization methods. Provided is a very generic connection string their are more robust approaches.

    <roleManager enabled="true" defaultProvider="SqlRoleProvider">
 <providers>
  <add name="SqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="CorporateSiteConnectionString"/>
 </providers>
</roleManager>
<membership defaultProvider="CustomizedMembershipProvider">
 <providers>
  <add name="CustomizedMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="CorporateSiteConnectionString" applicationName="Sales Site"/>
 </providers>
</membership>

  3. Create your data abstraction methods. If you use Linq to Sql and use the dbcontext. You can also implement the sprocs accompanied with the aspnet_membership schema.

  4. Test a user. Login a user and check their role.

    bool isUser = Roles.IsUserInRole("Administrator");

For a full guide please review this article.

Drisan James
  • 146
  • 9
  • My application is simple. And i am looking for simple solution to implement authorization. Please help in that way. – Shilpi Mishra Jul 08 '14 at 06:29
  • Since you have a user base already. I would recommend that you extend your filters or create a custom filter as described [here](http://stackoverflow.com/questions/13264496/asp-net-mvc-4-custom-authorize-attribute-with-permission-codes-without-roles) – Drisan James Jul 09 '14 at 16:38