asp.net mvc - MVC 4 - RoleProvider to manage authenticated users permissions with different scopes -


here problem mvc 4 internet project using forms authentication. lets have hotels , want authorized users accessing each under different roles.

so user logs in. dropdownlist selects target hotel , application´s security responds accordingly.

i need [authorize(roles = "administrator")] in hotel scope.

my first aproach inheriting authorizeattribute , override authorizecore shown in thread

from there httpcontext.session["hotelid"] , query userrolesinhotel table. said, should have own roles table structure similiar userid, roleid, hotelid. simpleroleprivider comes short task , forced create customeroleprovider. roleprovider methods don´t handle params need hotelid when adding new role user.

for clarification:

  1. user logs in user/password ->ok (simplemembershipprovider)
  2. authenticated user selects hotel 1 -> user "administrator" hotel 1.
  3. authenticated user change hotel 2 -> user "user" in hotel 2

i can have number of hotels.

  1. user -> hotel 1 -> { "administrator", "user"}
  2. user -> hotel 2 -> { "user" }
  3. user -> hotel 3 -> { "owner" }
  4. user -> hotel 4 -> { "administrator" }

the list of roles same.

i´ve been struggling implementation couple of days , couldn´t come pratical solution. thougths appreciated.

thanks!

this did:

  • added defaultbuildingid user profile.

  • then created customroleprovider , overrided getrolesforuser method this

    public override string[] getrolesforuser(string username) {     if (httpcontext.current.session != null)     {         var user = _userrepository.getbyname(username);          if (!user.isactive)         {             throw new applicationexception(string.format("some message {0}", username));         }          if (httpcontext.current.session["buildingid"] == null)         {             var building = _buildingrepository.get(user.defaultbuildingid);             if (building == null)             {                 throw new applicationexception("error message");             }              httpcontext.current.session["buildingid"] = building.buildingid;         }          int buildingid = convert.toint32(httpcontext.current.session["buildingid"]);         return _userrepository.getrolesforuserinbuilding(user.userid, buildingid).toarray();     }      throw new applicationexception("error message."); }

    • added custom authorizeattribute 

      protected override bool authorizecore(httpcontextbase httpcontext) { var authorized = base.authorizecore(httpcontext); if (!authorized) {     return false; }  var repo = unitymanager.resolve<iuserrepository>(); var buildingid = (int)httpcontext.session["buildingid"]; var username = httpcontext.user.identity.name; var user = repo.getbyname(username); var userrolesinbuilding = repo.getrolesforuserinbuilding(user.userid, buildingid);  foreach (var role in roles.split(',')) {     if (userrolesinbuilding.contains(role.trim()))     {         return true;     } }  return false;

      }

    • and how use @ controller or action level.

      [buildingathorize(roles = "administrators")]

i added ddl layout let user change building , set new buildingid overriding value @ session/db. way user can work in different hotels during same session , access areas , functionality has particular hotel.


Comments

Post a Comment

Popular posts from this blog

SPSS keyboard combination alters encoding -

my question not have programming practical issue on spss. accident keyword combination cannot remember because did not intend press changed encoding in spss , text in data in different language english shown small boxes. nevertheless, when kind of analysis performed different language text shown in output. does know reason? tried change encoding did not produce result. first, @ edit > options , see whether setting unicode or locale. might fix it. if have text in multiple languages, want unicode. otherwise, may have specific locale set wrong. can change set locale, need know locale want use.
Read more

Add new record to the table by click on the button in Microsoft Access -

in ms access form want implement separate button, adds new record table. in order added button , attached button event: private sub btnaddrec_click() refresh codecontextobject on error resume next docmd.gotorecord , , acnewrec if err.number <> 0 btnaddrec.enabled = false end if end end sub everything ok when open window , click btnaddrec button, problem when first of perform navigation through existed records , after click on button. got runtime error: 2105: «you can't go specified record. may @ end of recordset» . how solve issue, need have ability add new record on click on specific button, no matter, have walked or not walked through records before. thanks. i created simple form field call description (and autonumber) , created button code follows click event. filled number of records , navigated through them, clicked addnewrec button. form navigated new record without issues. able click addnewrec button directly after
Read more

CSS3 Transition to highlight new elements created in JQuery -

i want use css3 color transition apply highlight-fading color effect (yellow transparent) new elements appended markup using jquery. css #content div { background-color:transparent; -moz-transition:background-color 2s; -webkit-transition:background-color 2s; -o-transition:background-color 2s; transition:background-color 2s; } #content div.new { background-color:yellow; } html <div id="content"></div> <a id="add-element" href="#">add new element</a> js $('#add-element').click(function() { var newelement = $('<div class="new">new element</div>'); $('#content').append(newelement); newelement.removeclass('new'); }); when click link, new element created. class "new" (background color yellow) , it's appended html markup. should able remove "new" class trigger background color transition transparent (or whate
Read more