3
Answers

Multiple ASP.NET Membership roles in the same Website

r p

r p

11y
1.4k
1

In my MVC3 application I have ASP.NET Membership roles like - Manager, System Admin and EditorI am using Windows Authentication for the website and I am adding the users in the Network to the Membership just like in the following example -

http://weblogs.asp.net/scottgu/pages/Recipe_3A00_-Implementing-Role_2D00_Based-Security-with-ASP.NET-2.0-using-Windows-Authentication-and-SQL-Server.aspx

But, my problem is there are people who require multiple permissions. For example

User-John is the Manager of Department-ABC and he can see all the Actions in Department-ABC.User-John is also Editor in Department-XYZ and he should be able to see all the Actions of an Editor in Department-XYZ;  but NOT the Actions of Manager; because he is not the Manager of Department-XYZ.

User Mathew is the Manager of Department-XYZ and he is an Editor in Department-ABC.

If I use normal role privileges, it will allow User-John to be the Manager of both departments and it is not right.

My solution is to store the DepartmentID, UserID and RoleID in a seperate table in SQL database and allow according to this table.

How can I get the role ID from ASP.NET Membership in C# and also in SQL?

Is it safe to do?  Is there a better solution?


Answers (3)