I am refactoring an application that I am developing in order to apply good practices in ASP.NET MVC, and I am having difficulty understanding Claims and how to use them to replace Session. When I log in to the application, I save some information in Session, as in the code below:
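//
// POST: /Account/Login
/// <summary>
/// Handles the login form post: signs the user in with the submitted password and, on
/// success, stores the user id, the profile code and four UI visibility flags in Session
/// before redirecting to the landing page for that profile.
/// </summary>
/// <param name="model">Posted login form; <c>UserName</c> is copied into <c>Email</c> and used as the sign-in name.</param>
/// <param name="returnUrl">Only forwarded to the SendCode action when verification is required; it is not used on success.</param>
/// <returns>A redirect on success or when verification is required, the Lockout view, or the login view with an error.</returns>
/// <remarks>
/// The Session flags written here only drive what the UI shows. They are not an access
/// check: each controller/action still needs its own server-side authorization
/// (for example an [Authorize]-style attribute based on roles or claims).
/// NOTE(review): the flags are written into whatever Session already exists for this
/// browser; nothing in this method starts a fresh session at login — confirm that is handled elsewhere.
/// </remarks>
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    // This doesn't count login failures towards account lockout, so repeated wrong
    // passwords are never throttled by this action.
    // To enable password failures to trigger account lockout, change to shouldLockout: true
    model.Email = model.UserName;
    var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
    switch (result)
    {
        case SignInStatus.Success:
        {
            // The password was already verified by PasswordSignInAsync; look the user up
            // by name instead of checking the password a second time.
            var user = await UserManager.FindByNameAsync(model.UserName);
            if (user == null)
            {
                // Avoids a NullReferenceException if the lookup returns nothing.
                // NOTE(review): PasswordSignInAsync has already reported success here and
                // this branch does not undo it — decide whether a sign-out is needed too.
                ModelState.AddModelError("", "Invalid login attempt.");
                return View(model);
            }

            Session["UserId"] = user.Id;
            Session["PerfilUsuario"] = user.PerfilUsuario;

            // Every branch writes all four flags, so a value left in Session by a previous
            // login in the same browser session can never survive into this one.
            switch (Session["PerfilUsuario"].ToString())
            {
                case "1": // Administrator
                    SetProfileVisibility(true, true, true, true);
                    break;
                case "2": // SuperiorBRA
                    SetProfileVisibility(false, true, false, false);
                    break;
                case "3": // Technician
                case "5": // Manager
                case "6": // Site administrator
                    SetProfileVisibility(true, false, true, true);
                    break;
                case "4": // User
                    SetProfileVisibility(true, false, false, false);
                    break;
                default:
                    // Unknown profile: the original left SelecionarResponsavelAbertura
                    // untouched here; it is now explicitly denied.
                    SetProfileVisibility(true, false, true, false);
                    break;
            }

            if (user.PerfilUsuario == 1 || user.PerfilUsuario == 6)
            {
                return RedirectToAction("Index", "Home");
            }

            return RedirectToAction("Index", "Chamado");
        }
        case SignInStatus.LockedOut:
            return View("Lockout");
        case SignInStatus.RequiresVerification:
            return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
        case SignInStatus.Failure:
        default:
            ModelState.AddModelError("", "Invalid login attempt.");
            return View(model);
    }
}

// Writes the four UI visibility flags to Session in one place so no flag is ever skipped.
private void SetProfileVisibility(bool setorVisivel, bool obraVisivel, bool tipoChamadoVisivel, bool selecionarResponsavelAbertura)
{
    Session["SetorVisivel"] = setorVisivel;
    Session["ObraVisivel"] = obraVisivel;
    Session["TipoChamadoVisivel"] = tipoChamadoVisivel;
    Session["SelecionarResponsavelAbertura"] = selecionarResponsavelAbertura;
}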
I want to remove the use of Session and use Claims instead. I still have doubts about how Claims work, so I can't see how to make the replacement. I would be very grateful to anyone who can help.
This is the wrong way to do it. The right way is to put an authorization attribute on each Controller, and have that attribute determine what may or may not be displayed.
– Leonel Sanches da Silva
Hello @Ciganomorrisonmendez, would you have a reference that explains how this authorization attribute works in Controllers?
– Anderson Souza
Sure! Here it is.
– Leonel Sanches da Silva