2

I need to extend the default Identity 2.0 user profile with some custom attributes. Then, based on such an attribute, I need to restrict some user actions on a view. E.g., a user has a new attribute called Country; then on a page that shows all orders, he needs to see (or be able to click/run some action on) only those rows/orders in his country (from the attribute).

How can I do this?

Milan M.

1 Answer

2

The best approach is to add these custom attributes as claims when the user is logged in. These claims are persisted in the auth cookie, and you have very efficient access to them while the user is logged in. Then, based on whether the user has a required claim, you can show or hide elements on the page.

trailmax
  • here is a general description of Default claims and how it is tied together: http://tech.trailmax.info/2014/08/aspnet-identity-and-owin-who-is-who/ – trailmax Jan 24 '15 at 14:31
  • http://kevin-junghans.blogspot.co.uk/2013/12/using-claims-in-aspnet-identity.html – trailmax Jan 24 '15 at 14:37
  • http://benfoster.io/blog/aspnet-identity-stripped-bare-mvc-part-2 - see the last part about additional properties – trailmax Jan 24 '15 at 14:38
  • this answer for adding claims on cookie http://stackoverflow.com/a/20400918/809357 – trailmax Jan 24 '15 at 14:38
  • This answer for checking if user has required claims: http://stackoverflow.com/a/25384929/809357 – trailmax Jan 24 '15 at 14:40
  • Hopefully this will be enough to get you started. Also I've been playing with Claims-based authorisation and results of my experiments are on Github: https://github.com/trailmax/ClaimsAuthorisation there are 2 branches - master is more advanced, other branch is more simple. You can steal ideas from there. – trailmax Jan 24 '15 at 14:41
  • oh.. and this one http://visualstudiomagazine.com/articles/2013/08/01/leveraging-claims-based-security-in-aspnet-45.aspx – trailmax Jan 24 '15 at 14:41
  • Great material, thanks. I followed these tutorials, but there is no word of claims: http://typecastexception.com/post/2014/06/22/ASPNET-Identity-20-Customizing-Users-and-Roles.aspx – Milan M. Jan 24 '15 at 14:42
  • One more question. All of these examples use the SignInAsync method to add claims after user creation and then log in the user. I don't want that, because an administrator is creating users and the method PasswordSignInAsync is used to log in users. How can I add claims in this way? – Milan M. Jan 26 '15 at 13:25
  • There are 2 types of Claims in Identity - persisted claim added by `UserManager.AddClaim` - these are stored in database and automatically added to `IIdentity` object on user sign-in. In addition to these you can add more claims to the `Identity` object in `UserManager.CreateIdentityAsync` - these are only stored in the cookie and will be gone after user sign-out. – trailmax Jan 26 '15 at 14:11
  • O.K. I want to use the first one, those stored in the db. How can I use them in my case, as I don't want to log in the user after creation by the admin? – Milan M. Jan 26 '15 at 16:14
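
An added example, not code from the question, the answer or the linked repository, showing the persisted-claim route described in the comments: the administrator stores a Country claim with `UserManager.AddClaimAsync` without signing the user in, and the order list is later restricted on the server from the signed-in identity. It assumes ASP.NET Identity 2.0 with a user store that supports claims (such as the Entity Framework `UserStore`); `Order`, `CountryClaims`, `CountryClaimType`, `CreateUserWithCountryAsync` and `VisibleTo` are hypothetical names.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

// Hypothetical order type for this example.
public class Order
{
    public int Id { get; set; }
    public string Country { get; set; }
}

public static class CountryClaims
{
    // Hypothetical claim type name; any stable string or URI works.
    public const string CountryClaimType = "urn:example:country";

    // Admin path: create the account and persist the claim in the database.
    // Nobody is signed in here; the stored claim is loaded into the identity
    // when the user later logs in (for example through PasswordSignInAsync).
    public static async Task<IdentityResult> CreateUserWithCountryAsync<TUser>(
        UserManager<TUser> userManager, TUser user, string password, string country)
        where TUser : class, IUser<string>
    {
        IdentityResult created = await userManager.CreateAsync(user, password);
        if (!created.Succeeded)
        {
            return created; // surface validation errors to the admin page
        }
        return await userManager.AddClaimAsync(
            user.Id, new Claim(CountryClaimType, country));
    }

    // Request path: filter the rows in the query itself, so hiding elements
    // in the view is not the only thing that enforces the restriction.
    public static IQueryable<Order> VisibleTo(
        this IQueryable<Order> orders, ClaimsPrincipal principal)
    {
        Claim claim = principal == null ? null : principal.FindFirst(CountryClaimType);
        if (claim == null || string.IsNullOrEmpty(claim.Value))
        {
            return orders.Where(o => false); // no claim means no rows, not all rows
        }
        string country = claim.Value;
        return orders.Where(o => o.Country == country);
    }
}
```

In an MVC 5 controller action the filter would be applied as `db.Orders.VisibleTo(User as ClaimsPrincipal)`, where `db.Orders` is an assumed Entity Framework set of `Order` rows.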