1
I’m researching how to implement an access control in my web application.
I am using Asp.Net MVC with Identity, the idea is that a certain user can only access certain page.
So, in research I found that we can use AuthorizeAttribute, first we can define only as [Authorize], where only authenticated users can access the method in question.
Also, I checked that we can use [Authorize(Roles="Administrators")] where only users who satisfy this condition will be able to access the method in question.
But how do I define these Roles? in research by Stackoverflow, I found an answer on: Asp.Net Identity, how to use only Roles or Claims?, that has already cleared up some doubts.
Also, in Internet search, I found some talking people who have to set up on web.config, ref: Managing Authorization Using ASP.NET Roles?
Then it caused me a confusion:
- Which model is correct?
- It has advantages, or disadvantages between one or the other?
- Which model uses the tables of
identitythat is, SQL Server?
