We have been developing a web application in ASP.NET MVC. We have scenarios where many actions on web page are dependent upon role of a specific user. For example a memo page has actions of edit, forward, approve, flag etc. These actions are granted to different roles and may be revoked at some later stage.
What is the best approach to implement such scenarios?
Best Answer
I would just use standard ASP.NET Membership to manage your users - I'm primarily a Webforms developer who has only dabbled with MVC, sadly, but I see it is included if you create a new MVC Web Application project using the Internet Application template.
Roles are managed using the System.Web.Security.Roles class which has simple methods
AddUserToRole()andRemoveUserFromRole()that can be used to grant and revoke permissions.And then your individual pages use the
IsUserInRole()method to check whether to allow various actions.