
I want to know if this can be done and if there is somewhere that you can point me in the right direction.

Basically, at the moment, I am using the built-in Role Provider for ASP.NET; on my controller actions, I use a custom attribute filter as described here.

But what I would like to do is extend it even further to do something like this:

Admin - View, Edit, Delete

Manager - View, Edit

So basically, granular permissions. I have searched around on the net, but can't seem to find any way of doing this without writing my own authentication/authorisation providers :(

Any help would be greatly appreciated!!

Cheers, Nick

xqwzid

1 Answer


There are several ways to tackle this. The easiest (but not necessarily best) way is to have partial views with the navigation elements, view/edit/delete and if statements surrounding each link checking the current User's role.

Alternatively, at the other end of the spectrum is something called AzMan (Microsoft's Authorisation Manager) which allows you to create very granular role and task-based authorizations.

AzMan has been around for ages but as far as I know it is now incorporated into MS's enterprise library.

Digbyswift
  • The problem with AzMan is that you need to manage it through an MMC; I am not keen on doing this. I want it to be managed through the backend. I understand what you mean by using partial views, but I want these "Tasks" to be manageable, so you can actually create a completely new role and customise it. – xqwzid Jun 08 '11 at 23:17
  • Although AzMan can be managed through an MMC, you can manage it programmatically. Everything the MMC snap-in offers can be accessed via code. The AzMan MMC is just an interface for the database tables which are essentially an extension of the standard membership provider. – Digbyswift Jun 09 '11 at 09:38
  • Is AzMan only limited to Windows users? Can it be used with the ASP.NET membership users? – xqwzid Jun 10 '11 at 04:29
  • No, it is not limited to Windows users. As far as I remember, the MMC will allow you to import Windows user data into your database so that you can access the user data via the membership and role providers. However, you can also use AzMan to create non-Windows users using a web form, MVC, Windows form, etc. and store the data in the same database. AzMan is simply a more involved and flexible extension of the basic .NET membership provider. – Digbyswift Jun 12 '11 at 10:01
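
An added example, not code from the question or the answer: one way to get the Admin/Manager split from the question while keeping the built-in Role Provider is a custom `AuthorizeAttribute` that checks a permission instead of a role name, so the check is enforced on the action itself and not only by hiding links in a view. `IRolePermissionStore`, `InMemoryRolePermissionStore` and `RequirePermissionAttribute` are hypothetical names, and the in-memory map is constructed sample data standing in for a table edited from the backend.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical interface: back it with a table that your admin screens edit.
public interface IRolePermissionStore
{
    ISet<string> GetPermissions(string role);
}

// Constructed sample data matching the Admin/Manager example in the question.
public class InMemoryRolePermissionStore : IRolePermissionStore
{
    private static readonly Dictionary<string, HashSet<string>> Map =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase)
        {
            { "Admin",   new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "View", "Edit", "Delete" } },
            { "Manager", new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "View", "Edit" } }
        };

    public ISet<string> GetPermissions(string role)
    {
        HashSet<string> perms;
        // Unknown roles get an empty set, so they grant nothing (deny by default).
        return Map.TryGetValue(role, out perms) ? perms : new HashSet<string>();
    }
}

public class RequirePermissionAttribute : AuthorizeAttribute
{
    // Assumption: replaced at application start with a database-backed store.
    public static IRolePermissionStore Store = new InMemoryRolePermissionStore();
    private readonly string _permission;

    public RequirePermissionAttribute(string permission) { _permission = permission; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // The base check rejects anonymous users before any role lookup.
        if (!base.AuthorizeCore(httpContext)) return false;
        // Roles still come from the configured Role Provider.
        string[] roles = Roles.GetRolesForUser(httpContext.User.Identity.Name);
        return roles.Any(r => Store.GetPermissions(r).Contains(_permission));
    }
}

// Usage on a controller action:
// [RequirePermission("Delete")]
// public ActionResult Delete(int id) { ... }
```

Because actions name a permission and not a role, a new role created in the backend only needs rows in the store; no controller code changes.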