StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POHandling different types of users in asp.net mvc
primarykey
Id
6189669
data
AcceptedAnswerId
6189748
AnswerCount
2
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2011-05-31T15:09:17.757
FavoriteCount
1
LastActivityDate
2011-06-08T12:50:25.413
LastEditDate
2011-06-06T16:17:33.437
LastEditorUserId
475607
OwnerUserId
475607
ParentId
0
PostTypeId
1
Score
1
ViewCount
1614
LastEditorDisplayName
text
Body
I have 3 different types of users (with different roles) interacting on my web application, they all perform some task - some can be exactly the same e.g. create a quote others can be unique to that specific user e.g. sign off quote. For more clarity 3 types of users: Client, Supplier, Customer. Client or Customer can create a quote, however only the Customer can sign off a quote. How do I ensure my application allows clients to access client speficic controllers and suppliers to access supplier specific controllers or areas. Via Custom Attributes? Do I store the type of user inside a cookie? Is this safe? or Session state? As soon as someone logs onto the system I send back a LoggedOnDTO object on which I store Username, UserID, and type of user.... NOTE: I went away from asp.net build in way of creating users, I have my own custom tables with my custom mechanism for logging into the system. I have a registered Model Bindiner that looks for the prefix and I send in a strongly typed object to each action... Sample code: <pre><code>[HttpGet] public ActionResult AddComment(int quoteid, ClientUserDTO loggedonclientuser) { } [HttpGet] public ActionResult AddCommentSupplier(int quoteid, Supplier loggedonsuppluser) { } </code></pre> EDIT: This method for some reason seems so much simpler... Is there something wrong with it? Any possible security issues? Threading? My session controller is: <pre><code>if (_authService.isValidUser(model)) { var data = _authService.GetAuthenticationCookieDetails(model); AuthenticateCookie.AddDetailsToCookie(data); return Redirect(Url.Action("Index", "Activity")); } </code></pre> When I create my cookie... I can simple store "ClientUser", "Supplier" or whatever role they are inside the cookie. Then I can create an Attribute and read in the cookie data to see if they are a valid user e.g. <pre><code>public class ClientAuthorizationAttribute : AuthorizeAttribute { public bool AlwaysAllowLocalRequests = false; protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext) { if (AlwaysAllowLocalRequests && httpContext.Request.IsLocal) { bool authorized = false; var result = UserDetails.GetTypeFromTicket(httpContext.User.Identity as FormsIdentity); if (result.Equals("client", StringComparison.OrdinalIgnoreCase)) { authorized = true; } //throw no access exception? return authorized; } return base.AuthorizeCore(httpContext); } } </code></pre> Register the attribute under my base controller and I have a simple working solution???
Tags
<c#><asp.net><asp.net-mvc>
Title
Handling different types of users in asp.net mvc
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USHaroon
UserOwnerUserId
1. USHaroon
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POHandling different types of users in asp.net mvc
 UserUserId
 USJoshua
 VoteTypeVoteTypeId
 VTFavorite
2. VO
 singulars
 PostPostId
 POHandling different types of users in asp.net mvc
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.