Register now or log in to join your professional community.
A better way to handle role permissions in ASP.NET Identity. ASP.NET Identity is integrated with an ASP.NET project it creates a few database tables where relevant user data can be stored.
AspNetUsers – the table where application users are stored AspNetRoles – this is where we store application roles (you can also think of them as groups) AspNetUserRoles – a mapping table where we store information about what users belong to what roles.
So far, so good. What we get out of the box is a way to create users, create some roles and assign users to roles. This follows the best-practice where we want to eventually assign application permissions to roles instead of individual users.
manually by using groups and all actions should be has a roles and mapping with it
Role management enables you to manage authorization for your application with categories you create, referred to as "roles." By assigning users to roles, you can control access to different parts or features of your Web application based on a role instead of, or in addition to, a user name. For example, an employee application might have roles such as Managers, Employees, Directors, and so on, where different privileges are specified for each role.
1- define your permissions
2- create group of permissions according to your business
3- assign users to suitable group
Use HttpModule to validate each request , you can store user context in Memory Cache (helpful for working across all web applications in the same host). Create the user context in database ,use hashing for password . Should be good to go.
You may use System.Web.Security.FormsAuthentication systems.
we can provide permissions for individuals in application