All geek questions in one place

What is the best way to configure user authorization when using user privileges for something other than specific accounts / roles?

I am trying to write an ASP.NET MVC application where the user privilege is based on dots and not on a hard-coded role as such. I tried to research authorization and membership providers, but all the information I find indicates role-based authentication, which is not really part of my model.

At the time of writing this question, I wonder if I even understand the right things. Will this be a regular role provider? Is there such a thing? It suddenly occurs to me that having a custom role provider that checks user points to determine if they are in a specific role or not might be the easiest way, but I have no idea which keywords I need to use in relation to ASP.NET MVC to find the information you need.

What is the best way to achieve this?

+3
source share
1 answer

, authorize, AuthorizeAttribute, . , , , .

public class PointAuthorizeAttribute : AuthorizeAttribute
{
    public int PointsRequired { get; set; }

    protected override bool AuthorizeCore( HttpContextBase httpContext )
    {
         if (base.AuthorizeCore( httpContext ))
         {
             var name = httpContext.User.Identity.Name;
             using (var db = new SomeDataContext())
             {
                 var userPoints = db.Users
                                    .Where( u => u.UserName == name )
                                    .Select( u => u.Points )
                                    .SingleOrDefault();
             }
             return (userPoints >= PointsRequired);
         }
         return false;
    }
}


[PointAuthorize( PointsRequired = 50 )]
public ActionResult Comment( string comment )
{
}

, , , . OnAuthorization , , , , AuthorizationContext .

+5

Source: https://habr.com/ru/post/1721574/

More articles:


All Articles