Routing Business Branches: Granular access control in ASP.NET MVC
Posted
by FreshCode
on Stack Overflow
See other posts from Stack Overflow
or by FreshCode
Published on 2010-04-28T22:30:46Z
Indexed on
2010/04/28
22:57 UTC
Read the original article
Hit count: 341
How should ASP.NET MVC routes be structured to allow granular role-based access control to business branches?
Every business entity is related to a branch, either by itself or via its parent entities. Is there an elegant way to authorize actions based on user-roles for any number of branches?
1. {branch} in route?
{branch}/{controller}/{action}/{id}
Action:
[Authorize(Roles="Technician")]
public ActionResult BusinessWidgetAction(BusinessObject obj)
{
// Authorize will test if User has Technician role in branch context
// ...
}
2. Retrieve branch from business entity?
{controller}/{action}/{id}
Action:
public ActionResult BusinessWidgetAction(BusinessObject obj)
{
if (!User.HasAccessTo("WidgetAction", obj.Branch))
throw new HttpException(403, "No soup for you!"); // or redirect
// ...
}
3. Or is there a better way?
© Stack Overflow or respective owner