0

I have rows with different guids in my database table:

public class News
{
    public int NewsId { get; set; }
    public string title { get; set; }
    public string description { get; set; }
    public int guid { get; set; }
}

And I want to create groups of users, that will be able to view news with a certain guid. I am using ASP.NET MVC template with users authentication, but I can't understand how should I approach my goal? I can register users, I read about roles and filters, but it didn't help.

[Authorize]
public ActionResult GetNews()
{
 // GET USER GUID AND RETRIEVE NEWS WITH THIS GUID??
}

Should I somehow search how to retrieve user's id in controller method, than make query to database and get users group to filter news list or there is solution more easy?

Also, in Django I was able to control users from prebuild admin panel, has ASP.NET MVC similar thing, or I should make my own controller for this? I need somehow add users to groups/(give them roles) if I want to filtering content for different users.

Improve this question
3
  • What have you already tried and it didn't work? Commented Oct 1, 2015 at 18:35
  • I need a direction what to do, I read about AuthenticationFilter, ActionFilterAttribute and other filters and looks like it can't help me. I am sure ASP.NET MVC should have some technology to make it easy , I just don't know what is it Commented Oct 1, 2015 at 18:44
  • 1
    Have you tried looking into properties of your controller? The one called User, perchance? Commented Oct 1, 2015 at 20:04

2 Answers 2

Reset to default
1

Use User property of ur controller.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

There couple of ways to achieve that, here's my version. the GetNews() method should only be responsible of getting the new news and return an Actionresult . the logic of checking the user ID or anything else should not be managed inside this method SOLID

As for controlling who should have access to the GetNews() , you can benefit from the authentication logic already implemented in your app. the attribute [Authorize] will only give access to authenticated users to use your method. try to add a role based logic as well, by extending the functionality . something like [Authorize(Roles = "NewsMembers")]

BONUS

sample code to add a role :

 private void AddRole(String roleName)
        {
            var roleManager = new RoleManager<IdentityRole>(new RoleStore<IdentityRole>(new ApplicationDbContext()));
            var role = new IdentityRole();
            role.Name = roleName;
            roleManager.Create(role);
        }

Sample code to add role to a user

public void addRoleToUser(string UserId,string roleName)
        {
            var context = new ApplicationDbContext();
            var userStore = new UserStore<ApplicationUser>(context);
            var userManager = new UserManager<ApplicationUser>(userStore);
            userManager.AddToRole(UserId,roleName);
            userManager.Dispose();
            userStore.Dispose();
        }
Improve this answer

1 Comment

It seems the GetNews() method implementation you promised is missing from your answer.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.