<p>We have already used the concept below to check authorization:</p>
<p>Step 1: You need to create 3 different tables and enter the appropriate data:</p>
<p>A. Table: Actions</p>
<pre><code>ID: int, PK
Controller: varchar(100)
Action: varchar(100)
HttpMethod: varchar(10)
</code></pre>
<p>B. Table: Permission</p>
<pre><code>Id: int, PK
Name: varchar(100)
</code></pre>
<p>C. Table: Permission_Action</p>
<pre><code>Id: int, PK
PermissionId: int, FK
ActionId: int, FK
</code></pre>
<p>Step 2: Create an ApplicationController that inherits from the "Controller" class, and all other controllers should inherit from "ApplicationController" instead of "Controller".</p>
<pre><code>using System.Web.Mvc;

// Declaration of ApplicationController
public class ApplicationController : Controller { }

// Declaration of other controllers
public class OtherController : ApplicationController { }
</code></pre>
<p>Step 3: For persistence, fetch all the controllers and actions for the current user after authentication. Alternatively, we can also fire a SQL query every time.</p>
<p>Step 4: In the "OnActionExecuting" method you will have information about the controller and action of the current request. Look into the controller/action list fetched in Step 3 to find the current controller and action.</p>
<pre><code>protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
    string controller = filterContext.RouteData.Values["controller"] as string;
    string action = filterContext.RouteData.Values["action"] as string;
    string httpMethod = filterContext.HttpContext.Request.HttpMethod.ToLowerInvariant();
}
</code></pre>
<p>Step 5: If found, the user has the right to proceed with the action; otherwise return the predefined "SecurityResult".</p>
<p>Example:</p>
<p><em>NOTE:</em> actions related to "Authorization" should be assigned at the time of creating users. This part is excluded from this example.</p>
<p>A. Action table data:</p>
<pre><code>{1, "Employee", "Detail", "get"}
{2, "Employee", "Create", "get"}
{3, "Employee", "Create", "post"}
{4, "Employee", "Delete", "post"}
</code></pre>
<p>B. Permission table data:</p>
<pre><code>{1, "View Employee Detail"}
{2, "Create Employee Detail"}
{3, "Delete Employee Detail"}
</code></pre>
<p>C. Permission_Action table data:</p>
<pre><code>{1, 1, 1}
{1, 2, 2}
{1, 2, 3}
{1, 3, 4}
</code></pre>
<p>D. Now the user "vrluckyin" only has permission for viewing data and creating employees.</p>
<p><em>The "Delete" action of "Employee" has not been assigned.</em></p>
<p>After authorization, if the user "vrluckyin" tries to call the "delete" action of the "Employee" controller, the system will return the security view instead of the delete view.</p>
<ul>
<li>No need to write the [Authorize] attribute on every action.</li>
<li>We can add/remove/update user rights easily. Only database changes!!!</li>
</ul>
<p>Enjoy!</p>
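As an added example (not the answer's own code), here is how Steps 4 and 5 fit together in the base controller: the (controller, action, HTTP method) of the current request is compared against the set of actions granted to the user, and anything not explicitly granted is refused. `IPermissionRepository`, its tuple result, constructor injection, and the "Security" view name are assumptions standing in for the answer's table join and its predefined "SecurityResult".

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Mvc;

// Added example, not the answer's own code. IPermissionRepository and its
// Tuple<controller, action, httpMethod> result are assumptions standing in for
// the join of Actions -> Permission_Action -> the user's Permission rows.
public interface IPermissionRepository
{
    IEnumerable<Tuple<string, string, string>> GetAllowedActions(string userName);
}

public class ApplicationController : Controller
{
    private readonly IPermissionRepository _permissions;

    // Constructor injection assumes a DependencyResolver is configured.
    public ApplicationController(IPermissionRepository permissions)
    {
        _permissions = permissions;
    }

    protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        string controller = filterContext.RouteData.Values["controller"] as string;
        string action = filterContext.RouteData.Values["action"] as string;
        string httpMethod = filterContext.HttpContext.Request.HttpMethod.ToLowerInvariant();

        // Fail closed: anonymous callers and actions with no matching grant are refused,
        // so a new action that was never entered in the Actions table is denied by default.
        bool allowed = User != null && User.Identity.IsAuthenticated
            && _permissions.GetAllowedActions(User.Identity.Name).Any(g =>
                // Routing is case-insensitive, so compare names the same way.
                string.Equals(g.Item1, controller, StringComparison.OrdinalIgnoreCase)
                && string.Equals(g.Item2, action, StringComparison.OrdinalIgnoreCase)
                && string.Equals(g.Item3, httpMethod, StringComparison.OrdinalIgnoreCase));

        if (!allowed)
        {
            // Short-circuit: the "Security" view is returned and the action never runs.
            filterContext.Result = new ViewResult { ViewName = "Security" };
            return;
        }

        base.OnActionExecuting(filterContext);
    }
}
```

With the sample data above, a request for POST /Employee/Delete by "vrluckyin" finds no matching grant and receives the security view, while GET /Employee/Detail proceeds to the action.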