I'm having some trouble determining what the best practice is to secure routes in .NET using EF7 and MVC. I have my own table Roles (so I'm not using the AspNetRoles).
Is the correct approach to (in my Commoncontroller) do something like this:
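    using System.Web;
    using System.Web.Mvc;

    public class AuthorizeAllExceptAdmin : AuthorizeAttribute
    {
        // Allow the request unless the current user is in the administrator role.
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            return !httpContext.User.IsInRole(Constants.ROLES_ADMINISTRATOR);
        }
    }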
(this coming from: ASP .NET MVC Securing a Controller/Action).
Or how is it done? I've been trying to read up a little, but I couldn't really find a valid answer.
Also, the post above is a little bit old, so can I still use that?
Thank you