1
I have here a Windows Forms + Sybase application that has an authentication scheme based on access profiles. The diagram of the database is as follows:
On the table Permission we have descriptions of all the features of the system. If you can access the customer register, if you can adjust the stock, if you can delete a product, if you can make a sale, etc.
On the table Profile we have "Manager", "Seller 1", "Seller 2", "Administrator", etc.
And the table Profile is the associative entity of the two tables, where we say which functions each profile has access to.
And each user has their profile, with the appropriate profile access permissions.
I am creating a Webapi for this system, but I am not able to reconcile this form of authentication of the current system with the possibilities of authentication of Asp.Net MVC.
I would like controller and action authorizes to be based on this permission scheme to grant or deny access to them.
Is there any way to tailor this access permission scheme of the current system to the "Authorize", "policy", "Claims", etc of Asp.Net Core MVC?