I am using forms based authentication but wondering if there is any out of box way to handle lite authentication. I want to grant access to some catalog pages if the user has provided basic info like email\name etc but restrict access to commerce pages if
not yet provided address\credit card etc. The user needs to be shown as authenticated in both cases but it's just a state of being partial vs fully registered with our site. Now forms based authentication does not differentiate between the two states but I
want to handle it globally in the application at the MVC route\action level.
I know it's not meant to be used like this but could I consider using "Roles" ? In this way at the MVC route, I can predefine the role to restrict access and grant based on user supplied info at the time of authentication.
Or is there a better way to handle this without writing much customization ? I also have to supply a page asking for additional info(Address\Credit card) if the user tries to access a commerce page.
Using the techniques described there you can use the Authorise attribute to control access at the action level. You can also makes permission checks within the view or the model.
You know you posted this in the "Web Forms" board?
-- Sam Critchley
"Wise man say 'forgiveness is divine, but never pay full price for late pizza." - TMNT
vishkakkar
Member
6 Points
24 Posts
Lite vs Full - Forms Based Authentication in MVC
Apr 28, 2012 10:31 PM|LINK
I am using forms based authentication but wondering if there is any out of box way to handle lite authentication. I want to grant access to some catalog pages if the user has provided basic info like email\name etc but restrict access to commerce pages if not yet provided address\credit card etc. The user needs to be shown as authenticated in both cases but it's just a state of being partial vs fully registered with our site. Now forms based authentication does not differentiate between the two states but I want to handle it globally in the application at the MVC route\action level.
I know it's not meant to be used like this but could I consider using "Roles" ? In this way at the MVC route, I can predefine the role to restrict access and grant based on user supplied info at the time of authentication.
Or is there a better way to handle this without writing much customization ? I also have to supply a page asking for additional info(Address\Credit card) if the user tries to access a commerce page.
worldspawn[]
Contributor
6081 Points
1336 Posts
Re: Lite vs Full - Forms Based Authentication in MVC
Apr 29, 2012 12:48 PM|LINK
You could employ a permission based system that had two permissions such IsPartiallyRegistered and IsFullyRegistered.
Check out this post: http://forums.asp.net/post/4948716.aspx
Using the techniques described there you can use the Authorise attribute to control access at the action level. You can also makes permission checks within the view or the model.
You know you posted this in the "Web Forms" board?
"Wise man say 'forgiveness is divine, but never pay full price for late pizza." - TMNT
software development