I am new to MVC, but I have good experience in C# WinForms, database design and normalization. I want to define a user and his roles dynamically, using MVC.

Detailed Description

There is an organization with a Head of Department (HOD). There are several branch offices, and each office has a Branch Head Officer working under the HOD. Each Branch Officer has the power to assign different access rights to his employees. For example: a cashier can also have access to generate bills.

My problems are:

  1. The HOD (Admin) will create a Branch Officer (BO). The HOD will have access to all the defined actions in all the controllers.
  2. How can a BO create a user that has access only to the controllers' actions defined by the BO, and what if the second-level user wants to create another, third-level user?
  3. The BO and his descendants will have access only to their branch office. They cannot see any details of another branch, but the HOD can view any detail of any branch. (I want this authorization at server side to avoid Cross Site Scripts.)

Please guide me: how can I implement this model of multi-level access and dynamic role management?

I have searched a lot but couldn't find anything that can help me. BTW, this project is an employee management system that includes payroll, leave management, employee service book, etc. Thanks in advance.

  • Which MVC version are you developing this in? The simplest solution I can think of is to use weblogs.asp.net/jongalloway/… a role based authentication and decorate your controllers or actions with the Authorize attribute, e.g. [Authorize(Roles="HOD,BO")] Commented Jan 2, 2016 at 20:43
  • I am using MVC 5, .NET library 4.5 Commented Jan 2, 2016 at 22:31
  • I think this link is the one you want. Follow the steps and I think you won't be far off, but post specific questions where you get stuck. dotnetcurry.com/aspnet-mvc/1102/aspnet-mvc-role-based-security Commented Jan 2, 2016 at 22:37

1 Answer

Just for guidance, not to be taken as a 100% solution.

If you are using MVC 5, you can use ASP.NET Identity Core.

There are two common authorization approaches that are based on Role and Claim.

This is role based authentication. So basically you create roles as per your requirement, then you assign those roles to users. So the user immediately gets all the access rights defined for that role.

In your database:

You will have a list of users in AspNetUsers table

List of Roles in AspNetRoles table --> Admin, Branch Manager, Manager etc

Then finally decorate your controller or action with [Authorize(Roles="Admin, etc")]

[Authorize(Roles = "Admin")]
public ActionResult TestMethod()
{
    ViewBag.Message = "This View is designed for the Admin's";
    return View();
}

Or the whole controller:

// Every action in this controller requires the Admin role.
[Authorize(Roles = "Admin")]
public class TestController : Controller
{

}

So once those are in place, you will have to create an action where the admin can assign roles to others. The Branch Officer can assign roles to employees.

Useful links:

http://www.dotnetcurry.com/aspnet-mvc/1102/aspnet-mvc-role-based-security

http://www.asp.net/identity/overview/getting-started/introduction-to-aspnet-identity

1 Comment

First of all, thanks for the guidance. I had an idea of the Authorize attribute, but I am not sure if it will work dynamically. I'll implement this attribute in my controller as per your guidance and will update if it solves my problem. Thanks again!!
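
An added example, not part of the original answer or comments: one way to make the Authorize check dynamic and branch-scoped in MVC 5 is a custom AuthorizeAttribute that reads per-user claims on the server. The claim types "permission" and "branch_id", the role name "HOD", and the "branchId" route value are assumptions made for this sketch.

```csharp
using System;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;

// Added example. Assumed names: claim types "permission" and "branch_id",
// role "HOD", route value "branchId". None are ASP.NET Identity defaults.
public class BranchPermissionAttribute : AuthorizeAttribute
{
    private readonly string _permission;

    public BranchPermissionAttribute(string permission)
    {
        _permission = permission;
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // The base check rejects anonymous requests.
        if (!base.AuthorizeCore(httpContext)) return false;
        var user = httpContext.User as ClaimsPrincipal;
        if (user == null) return false;
        // Branch the request targets, e.g. a route like {controller}/{action}/{branchId}.
        var routeValues = httpContext.Request.RequestContext.RouteData.Values;
        var branchId = Convert.ToString(routeValues["branchId"]);
        return CanUse(user, _permission, branchId);
    }

    // Also the rule for delegation: before a BO (or a second-level user) saves a
    // permission claim for a new user, call CanUse for the granter, so nobody
    // hands out a permission or a branch they do not hold themselves.
    public static bool CanUse(ClaimsPrincipal user, string permission, string branchId)
    {
        if (user.IsInRole("HOD")) return true;   // HOD: every action, every branch
        return !string.IsNullOrEmpty(branchId)
            && user.HasClaim("branch_id", branchId)
            && user.HasClaim("permission", permission);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Signed in but not permitted: answer 403 rather than redirecting to login.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}
```

Applied as [BranchPermission("GenerateBills")] on an action (the permission name is a constructed sample), the check runs on every request, so changing a user's claims changes access without recompiling. The queries behind the action should filter by the same branch id, since the attribute only gates entry to the action.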
