Last post Dec 15, 2015 11:54 AM by infovish
Feb 17, 2015 02:24 PM|GuaGua0308|LINK
I'm using Database First, EF 6, Visual Studio 2013 Pro.
I would like that when the application is started, no menu is available unless you enter some user (dont know who to do that).
Next, I want that when entering a user is allowed to see what your role allows. That includes, deny access to certain menus and options for tables (eg access to edit or delete a record).
That would be for a "assistant" user. But for a user "admin", access to all menus and all table options.
I dont know if I have to create a user/roles tables on my database.
The application is almost complete, only I need to handle this.
Feb 24, 2015 03:43 AM|Archer Wang|LINK
According to your requirement, it is too broad. Could you please provide more details about your requirement. For more information, please refer to below link.
If you select Individual User Accounts, the sample application will be configured to use ASP.NET Identity (formerly known as ASP.NET membership) for user authentication. ASP.NET Identity enables a user to register an account, by creating
a username and password on the site or by signing in with social providers such as Facebook, Google, Microsoft Account, or Twitter. The default data store for user profiles in ASP.NET Identity is a SQL Server LocalDB database, which you can deploy to SQL
Server or Azure SQL Database for the production site.
In Visual Studio 2013 these features are the same as in Visual Studio 2012, but the underlying code for the ASP.NET membership system has been rewritten. Advantages of the new code base include the following:
The new membership system is implemented automatically in the new templates, and it can be implemented manually in any project that targets .NET 4.5 or later.
ASP.NET Identity is a good choice if you are creating an Internet web site which is mainly for external customers. If your organization uses Active Directory or Office 365 and you want to create a project that enables single-sign-on for employees and
business partners, the Organizational Accounts option might be a better choice.
For more information about the Individual User Accounts option, see the following resources:
Also, I notice this case
http://stackoverflow.com/questions/28568485/how-to-manage-users-and-roles-on-my-asp-net-mvc-5-web-application, others have suggested something you could refer to.
Dec 15, 2015 11:54 AM|infovish|LINK
You could use default ASP.NET membership provider but I believe that doesn't fulfills main concepts of RBAC that includes Audit. Membership provider is extensible but is not secure by design. I have the same requirement like yours and while looking to the solution
online, I came to the following link which gives useful information about designing and creating RBAC in MVC.