How do I profile security with Asp.Net MVC?

Viewed 448 times

1

I am creating a system using Asp.Net MVC and before I start I need to do profile-based security. I’ll have multiple profiles each with an access option. For example: Admin Profile (access all), Common Profile (restricted access), Advanced Profile (some administrative access), etc.

I thought of creating the profile and the modules (methods or controllers) for the profile, giving permissions to the profile through a true/false Boolean, and then assigning the profile to the user; this would be the simplest way to do it. However, I don't know how to check whether the method/controller is allowed or not by the profile. For example, lowering an account would be something only the Admin profile could do, or lowering a sale, which the Advanced Profile could also do along with the Administrator.

How do I do that? What do you suggest?

1 answer

2


Thinking of a very simple solution, you could use an ASP.NET filter.

Database

You can have 3 tables: one for users, another for profiles, and another for user profiles.

Controller

You will annotate your classes or methods with the filter name; here you specify which profiles will have access to the class.

[PerfilFiltro(Perfil = "Vendas")]

Filter class

Then, in the filter class, you will access the database to check whether or not the user has the profile to access the class.

using System.Web.Mvc;

public class PerfilFiltro : ActionFilterAttribute
{
    // Profile annotated on the class or method, e.g. [PerfilFiltro(Perfil = "Vendas")]
    public string Perfil { get; set; }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Deny the request when the session holds no logged-in user name
        string Usuario = filterContext.HttpContext.Session["NomeUsuario"] as string;
        if (string.IsNullOrEmpty(Usuario))
        {
            filterContext.Result = new HttpUnauthorizedResult();
            return;
        }

        // The Perfil parameter is the profile annotated on the class

        // Use your own logic to look up the profile linked to this user;
        // if they do not have access, you can redirect them to an
        // error / no-permission page.
    }
}
  • Do you have a slightly more detailed example?

  • What level of detail do you need? Because I think that, with what you've specified, this solves it: just create an administrative panel for this and some tables in the database, and that's it. Here is an example that might help you: https://docs.microsoft.com/pt-br/aspnet/mvc/overview/older-versions/hands-on-labs/aspnet-mvc-4-custom-action-filters

  • You will have to adapt the logic to what you need. If it's not something big, this will solve it well.

  • Thank you very much, it helped me.
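
A fuller version of the profile check discussed in the answer above, as an added example that is not part of the original answer or comments. It goes beyond the answer in two ways: it derives from AuthorizeAttribute so the check runs in the authorization stage and denies by default, and it accepts a comma-separated list so one action can allow several profiles. PerfilStore, PerfilAutorizadoAttribute and the sample users are hypothetical names and constructed data standing in for the three tables.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Hypothetical stand-in for the users / profiles / user-profile tables.
// Constructed sample data; replace the dictionary with a database query.
public static class PerfilStore
{
    private static readonly Dictionary<string, string[]> PerfisPorUsuario =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "ana",   new[] { "Admin" } },
            { "bruno", new[] { "Vendas" } },
        };

    public static bool UsuarioTemPerfil(string usuario, IEnumerable<string> permitidos)
    {
        string[] perfis;
        return PerfisPorUsuario.TryGetValue(usuario, out perfis)
            && perfis.Intersect(permitidos, StringComparer.OrdinalIgnoreCase).Any();
    }
}

// Usage: [PerfilAutorizado(Perfil = "Admin,Vendas")] on a controller or action.
public class PerfilAutorizadoAttribute : AuthorizeAttribute
{
    public string Perfil { get; set; }   // comma-separated allowed profiles

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Deny by default: no session, no user name, or no profile list.
        var usuario = httpContext.Session == null ? null : httpContext.Session["NomeUsuario"] as string;
        if (string.IsNullOrEmpty(usuario) || string.IsNullOrWhiteSpace(Perfil))
            return false;

        var permitidos = Perfil.Split(',').Select(p => p.Trim()).Where(p => p.Length > 0);
        return PerfilStore.UsuarioTemPerfil(usuario, permitidos);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // 403 instead of the default 401, which forms authentication turns into a login redirect.
        filterContext.Result = new HttpStatusCodeResult(403, "Forbidden");
    }
}
```

With this sample data, an action marked `[PerfilAutorizado(Perfil = "Admin")]` is reachable only by "ana", while `[PerfilAutorizado(Perfil = "Admin,Vendas")]` also admits "bruno".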
