Databases
StackOverflow2013
Postsdbo
POPermission-based authorization in ASP.NET MVC3
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POPermission-based authorization in ASP.NET MVC3
    primarykey
    data
    text
    <p>I am adding ASP.NET MVC to an existing WebForms application. For the time being, I don't care about authentication/logging in, since this part is handled by existing code (Forms authentication).</p> <p>In the existing WebForms application, we have a fully custom permission-based authorization per page. So each user has a set of rights, listing the pages he is allowed to access.<br> Now I need to decide how I can use the same permission system to restrict access to specific MVC controllers and actions.</p> <p>As I understand, for ASP.NET MVC there is a standard <a href="http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx">AuthorizeAttribute</a> where I can specify roles. I also found some articles which suggest specifying permissions instead of roles - then it's possible to do something like this:</p> <pre><code>[CustomAuthorize(Roles = "View products, Edit products")] </code></pre> <p>By extending AuthorizeAttribute, I can also define how I store and access permissions.</p> <p>This solution would be acceptable for me (although changing the semantics of roles smells a bit).<br> But before committing to it, I'd like to see what other options there are. And that's where I am stuck - I haven't found a full-blown overview of different approaches on authorization in ASP.NET MVC. I would also like to know how all the security concepts (like Forms Authentication, Membership Providers, Authorization Attribute, IPrincipal, etc.) are related to each other and how they are supposed to work together.</p>
    singulars
    1. PO
      singulars
      1. PTAnswer
    1. This table or related slice is empty.
    1. PTQuestion
    1. USDmytro Shevchenko
    1. USDmytro Shevchenko
    plurals
    1. PL
      singulars
      1. LTLinked
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    1. VO
      singulars
      1. POPermission-based authorization in ASP.NET MVC3
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. POPermission-based authorization in ASP.NET MVC3
      1. USstephen776
      1. VTFavorite
    3. VO
      singulars
      1. POPermission-based authorization in ASP.NET MVC3
      1. USDmytro Shevchenko
      1. VTFavorite
    1. COIs this similar to what was tried here: http://stackoverflow.com/questions/10338734/custom-security-scenario-in-asp-net-mvc/
      singulars
      1. POPermission-based authorization in ASP.NET MVC3
      1. USantijon
    2. CO@antijon as far as I understand, it's similar to implementing a custom AuthorizeAttribute. But I'd like to find out in more detail about other options and their pros and cons.
      singulars
      1. POPermission-based authorization in ASP.NET MVC3
      1. USDmytro Shevchenko
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload