0

I have a MVC 3 application which works on role based access, for roles I have used asp.net membership, which handles everything very smoothly.

Now I want to introduce access based permission in my application in such a way that it should work with earlier roles, as well as with my new access based approach.

I have list of existing roles in an enum, if the role of user is in that enum then existing authorization should work. But if role of user does not exist in the enum, then my new logic should check the access.

Typically my controller method will look like:

[CustomAuthorize(Roles=Roles.Role1,Roles.Role2, Access="CanDoThis")]
void MethodName(parameters)
{
 //Some code.
}

Now if current user has Role1 or Role2 then he should get access and if not, then his role (whatever it may be) should have "CanDoThis" permission.

I looked for solution and found a near by solution Here, but it answers the second part only and not with the combination of first one.

Even if not the exact solution but a pointer in that direction will also be helpful.

Community
  • 1
  • 1
PM.
  • 1,630
  • 1
  • 28
  • 34
  • You wrote access-based control in your title. Did you mean "attribute-based access control"? – David Brossard Dec 18 '13 at 13:56
  • @DavidBrossard No I mean access based. As I have shown in code of my question. So if user has role XYZ, and this role has two access "CanDoThis" and "CanDoThat", then all methods which has either of these two 'Acess' attribute above them will be accessible by this user. – PM. Dec 19 '13 at 04:54

0 Answers0