0

I have a comprehensive web platform where I have roles such as applicant, member, administrator (financial, technical, etc.). A member is a role that a web site applicant purchases a login account. During the lifecycle of this platform, a member is can be disabled for various reasons.

If a member wants to become active, he or she must have certain access, depending on the reason for their inactivity, for example, to pay for their annual subscription money or complete their qualifications.

The question is how can I restrict a disabled member from accessing certain functions. As we know, one of the easiest and safest ways is to use role attributes on top of the action  [Authorize (Roles = "member")] Assuming we have two reasons for deactivation, is it right to temporarily change the role of the member to one of those two reasons and given that the user no longer has the role of member? Solution Two: Is it the right thing to check in each of our important functions each time that the member is active? Or another way ... Thanks for guiding me. Respectfully

Hossein Bagheri
  • 23
  • 8
  • You won't disable `user` particuler time? – jishan siddique Nov 01 '19 at 12:33
  • Users will be deactivated due to a variety of conditions, such as document defects or expiration of charging ... – Hossein Bagheri Nov 01 '19 at 12:37
  • Sounds like you just need a custom `Authorize` attribute where you check those business logic rules you have defined, that's [pretty easy to do](https://stackoverflow.com/questions/13264496/asp-net-mvc-4-custom-authorize-attribute-with-permission-codes-without-roles). – DavidG Nov 01 '19 at 12:42
  • @HosseinBagheri so you need to manage `custom attributes` – jishan siddique Nov 01 '19 at 12:46

0 Answers0