ASP.net MVC - Save user permissions

Viewed 339 times

0

I’m developing my first .NET MVC application.

Usually, when working with Web Forms, after the user logged in, his information (name, email, permissions, etc.) was saved in the session. This way, each request could validate whether it actually had permission to access a page or functionality without the need to read the database again.

I’ve been reading some posts related to not using Session to store this type of information, since it can compromise the scalability of the application. Based on this, what would be the best way to store logged-in user information? Validating permissions when a request arrives on the server?

2 answers

1


The best thing to do in MVC is to use Identity. I had made my own access control but surrendered to Identity from version 2.x, as it is much more flexible than in previous versions. It uses the database: when you create a new application and register a user, it automatically creates a local express database in your application, creates the tables and records this new user. But you can also store these tables in an external database and change the connection string to point to that database; with this you will have your access control in your own database. Here is a link that explains Identity step by step: http://eduardopires.net.br/2014/08/asp-net-identity-tutorial-completo

0

Currently the best authentication/authorization model is through a token passed in the request header.

There is a specification that addresses this: OpenID Connect (OIDC).

The big players use this specification, so you can integrate and use their login service (Google, for example).

While advising you to use OIDC, I do not advise you to implement the specification. Browse IdentityServer4 (identityserver4) and see the examples they have in the GitHub repository.

Using OIDC you will get support for Web Forms, MVC, SPA, console and mobile applications.

In the end, you will outsource the login process of your application, delegating this work to another application and maintaining a relationship of trust between applications.
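
For the scenario in the question (checking permissions on each request without Session and without a database read), one approach that fits both answers is to put the permissions into the signed-in identity as claims and check them in an authorization filter. This is an added example, not code from the question or either answer; it assumes ASP.NET MVC 5 with cookie or token authentication that yields a `ClaimsPrincipal`, and the names `PermissionClaims`, `RequirePermissionAttribute` and the claim type `app:permission` are hypothetical.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;

public static class PermissionClaims
{
    // Assumed claim type for this example; not defined by ASP.NET Identity.
    public const string Type = "app:permission";

    // Call once at sign-in on the ClaimsIdentity built for the user, before the
    // cookie is issued. 'permissions' comes from your own database lookup.
    public static void AddTo(ClaimsIdentity identity, IEnumerable<string> permissions)
    {
        foreach (var p in permissions.Distinct())
            identity.AddClaim(new Claim(Type, p));
    }
}

// Usage: [RequirePermission("Invoices.Edit")] on a controller or action.
public sealed class RequirePermissionAttribute : AuthorizeAttribute
{
    private readonly string _permission;

    public RequirePermissionAttribute(string permission) { _permission = permission; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // The base check rejects anonymous requests (fail closed).
        if (!base.AuthorizeCore(httpContext)) return false;
        var principal = httpContext.User as ClaimsPrincipal;
        return principal != null &&
               principal.HasClaim(PermissionClaims.Type, _permission);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Authenticated but missing the permission: 403 instead of a login redirect.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}
```

Claims are fixed when the cookie or token is issued, so a revoked permission stays in effect until it is reissued or expires; keep lifetimes short or re-validate the user periodically.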
