2

We have been developing a web application in ASP.NET MVC. We have scenarios where many actions on web page are dependent upon role of a specific user. For example a memo page has actions of edit, forward, approve, flag etc. These actions are granted to different roles and may be revoked at some later stage.

What is the best approach to implement such scenarios?

Jarrod Nettles
  • 6,145
Muhammad Adeel Zahid
  • 121

1 Answers1

4

I would just use standard ASP.NET Membership to manage your users - I'm primarily a Webforms developer who has only dabbled with MVC, sadly, but I see it is included if you create a new MVC Web Application project using the Internet Application template.

Roles are managed using the System.Web.Security.Roles class which has simple methods AddUserToRole() and RemoveUserFromRole() that can be used to grant and revoke permissions.

And then your individual pages use the IsUserInRole() method to check whether to allow various actions.

Carson63000
  • 10,500
  • the rights granted to roles can be revoked and even new rights can be granted to roles. Moreover, how can i find role of a user in view. i have seen that roles are given as parameter to authorize filter that decorates different action methods in our asp.net mvc application. suppose, in a page user has view right but not of forward or approve so he should not see those buttons or links on the page. how would you achieve this goal. what are the implication of user having more than one role – Muhammad Adeel Zahid Mar 19 '11 at 07:58
  • GetRolesForUser() returns a list of the roles that the currently logged-on user. For not showing buttons, links, etc. unless a user has the appropriate role, just wrap an if (IsUserInRole("role")) around the button (or more likely put the actual implementation in your business layer not directly in the view). Users are perfectly able to have more than one role. Maybe have a read of Understanding Role Management – Carson63000 Mar 19 '11 at 10:36