0

For an upcoming project, I need a user management system that is a bit more complicated.

My site should work with consumers and providers.

Every consumer could have different roles, depending on the provider he works with.

Until now, my actions were "protected", using the implemented user management like 

[Authorize(Roles = "Admin")]

Now, I will have different combinations like the roles ConsumerOnProviderA or AdministratorOnProviderB.

So the user-workflow will be like this:

  • Login
  • Select the provider to act with
  • Depending on the selected provider and the defined role, interact with the site.

So not before selecting the provider, the role of the user is set.

Is there an existing (safe) implementation or workaround for such a scenario?

I hope I was able to clearly explain my goal.

Thanks Carsten

marc_s
  • 675,133
  • 158
  • 1,253
  • 1,388
Telefisch
  • 293
  • 1
  • 11
  • "Depending on the selected provider and the defined role, interact with the site." What kind of interaction do you mean; Different content or pages depending on the selected provider? – Jerdine Sabio Feb 16 '20 at 12:39
  • Interaction is on same site but with different data. Imagine you are CEO of mobilephone company A and also have a contract as customer to company B. As CEO, you‘ll see the data of your own company and as Customer you only see your personal information. So I need to check, which datatype you‘re allowed to have access to. Also read-write-permissions could be controlled by that or visibility of some detail-sites. – Telefisch Feb 18 '20 at 10:51
  • Ok, as it seems that my question is not this trivial, I‘ll try to ask it other way. Can I advise the user role, depending on some selected value? Example, user selects company A and he will become superuser. After he selects company B, he will become user. – Telefisch Feb 21 '20 at 09:21
  • Identity Roles in asp.net allows 1 user to be a member of many roles. So 1 person can be member of AdminClientA and CustomerClientB. But you'd have to change the code whenever you have a new client, like a ClientC. This might help; a custom attribute for authorization https://stackoverflow.com/questions/13264496/asp-net-mvc-4-custom-authorize-attribute-with-permission-codes-without-roles – Jerdine Sabio Feb 21 '20 at 09:42
  • There's also `if(User.IsInRole("AdminClientA")){ // do something }` in both razor (html) and inside the controller. Hence, you could customize whatever to display to the user. – Jerdine Sabio Feb 21 '20 at 09:44
  • Are you storing the data in separate databases? – Jerdine Sabio Feb 21 '20 at 09:48
  • Data is stored in only one database, so of course I have to filter the data inside controller-action. I know ‚User is in role‘, but that was my question, can I assign the user to a group dynamically AND can I assign new groups to the controller permission dynamically? E.g. if there is a new company... I think I need to play around with it, a little bit. – Telefisch Feb 21 '20 at 13:35

0 Answers0