Warm tip: This article is reproduced from stackoverflow.com, please click
asp.net asp.net-mvc asp.net-mvc-4 c# roles

Implementing role-based authorization using .NET MVC 5

发布于 2020-04-23 13:06:57

I would like to implement a role-based authorization in my web application that I'm building. The way I imagined to make this is to create 3 tables in my DB like following:

1. Roles
2. UserRoles (many to many table)
3. Users

After that each user would have a role assigned to him. Now... My question is, How do I permit or forbid access to specific views/controllers inside my .NET MVC application. I've stumbled upon this:

[Authorize(Roles = "HrAdmin, CanEnterPayroll")]
[HttpPost]
public ActionResult EnterPayroll(string id)
{
    //  . . . Enter some payroll . . . 
}

The Authorize property seems to be limiting the specific controllers/actions to specific roles... But what if I read the user roles from the table UserRoles like in my case?? How is my application gonna know what role does the User have on the system ??

Can someone help me out with this ?

Questioner
User987
Viewed
54
分享
SᴇM 2016-10-27 18:13

Lets pretend you have stored your UserName and Roles in Session:

[AllowAnonymous]
[HttpGet]
public ActionResult Login()
{
    . . . .

    string userName = (string)Session["UserName"];
    string[] userRoles = (string[])Session["UserRoles"];

    ClaimsIdentity identity = new ClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie);

    identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, userName));

    userRoles.ToList().ForEach((role) => identity.AddClaim(new Claim(ClaimTypes.Role, role)));

    identity.AddClaim(new Claim(ClaimTypes.Name, userName));

    AuthenticationManager.SignIn(identity);

    . . . .
}
User987 2016-10-28 21:35:50

I've tried this method now, but it says that AuthenticationManager class doesn't contains SignIn method for some reason :/

SᴇM 2016-10-28 21:37:53

Add using Microsoft.Owin.Security reference

SᴇM 2016-10-28 21:40:34

Here is MSDN page about AuthenticationManager class

SᴇM 2016-10-28 21:42:05

Do you have Microsoft.Owin, Microsoft.Owin.Security, Microsoft.Owin.OAuth in your references?

User987 2016-10-28 21:43:21

Let us continue this discussion in chat.

Related issues

1
No route matches the supplied values for HTTP POST
2
await SignInManager.PasswordSignInAsync() always results in a failure in my ASP.NET MVC project
3
Cascading (Dependent) Country State City DropDownLists using jQuery AJAX in ASP.Net MVC
4
ASP.NET Core 2.1 no HTTP/HTTPS redirection in App Engine
5
My label message won't appear after filling out login form
6
FCM (Firebase Cloud Messaging) Push Notification with Asp.Net
7
In C#, what is the difference between public, private, protected, and having no access modifier?
8
How to filter String array with integer array with LINQ by index?
9
Read a RTF File and Remove the dynamic text
10
ASP.NET Core equivalent for ASP.NET MVC BeginExecuteCore