ASP.NET MVC with multiple user tables and roles - asp.net

I have an application that uses a client table, a company user table and an admin user table to manage companies. Companies have an admin area where they manage their users with roles of what their users can do, and a level above that the admin manages users that have their roles for managing all companies.
The question is: I want to use asp.net identity with authorize and roles in the appropriate controllers. Is there a way to integrate the existing user tables and roles for all three levels of users?

you can create a referrence table with many to many relationship to the asp.net users table like the below:
1- ASP.NET Users (The one Identity provider will give you)
2- Custom Table called (CompanyUsers) that takes the company ID and User ID
3- all tables linked to the above custom table

Related

Extending User information inside asp.net mvc 5 project

I have created a new asp.net MVC-5 web application , and I define individual user accounts as the authentication type.
Now when users register a new account they can enter email and password. Now I want to extend the users information when registering their account as follow:-
First name
Last name
Data of birth
Country
City
Address
Etc…
Now I am not sure what is the recommended way to extend the user info. Now I am trying to do the following 2 steps, as when the project was created a new database has been created automatically and it has a table named “ASPNETUSers”, which store the users info.
So I am thinking of adding the additional fields inside this table.
Then to modiy the “Account >> Register” view to render the additional fields.
So can anyone advice if my above 2 steps to store additional info about the users upon registration is valid ?or I should not modify the built-in database tables which include the ASPNETUSers ??

ASP.NET Identity multiple profiles

This is an ASP.NET MVC 5 application using Identity and EF.
EDIT
Entities:
ADMIN: Web site administrators. All of them would have an admin role and other roles depending on the resources they can access iwithin the administration panel.
USERS: Common users. The could access to their private panel to edit their profiles and access some services.
TEAMS: Work teams. A work team consist in a group of users and one user can be in many different work teams.
Scenario:
I'd like to have 3 different login pages: administration panel, one for the common users and another one for the work teams.
How can I have 3 different login pages since Identity allows you to set just one?
I'm thinking to have a user as the admin of each work team. That user can get into the work team private zone, but how can I do that?
Also, that user can give rights to other users in the work team to get into the work team zone.
So on the work team private zone I have to controll not only the user logged but also the work team id to show its data.
Thanks in advance.

Creating my custom security role and custom user group tables, to implement custom authorization for my asp.net mvc web application

I am working on an Intranet Asp.net mvc with windows authentication enabled. I am building an asset management application, and I need to define user groups and security roles. For example I have a group that contains senior HR employees; this group will be linked to a security role. The security role will allow for example to add new vehicles, but only allow reading the information about IT assets such as PC, etc.
But since I am working on intranet and the users exists in the Active Directory, and I want to link the user groups to customize security role. So is it a recommended approach to use my own userGroups table and securityRole table to store the information about the user groups and their security roles.
Currently I only use the users from AD , but stores the info about user groups and security roles inside my custom tables. As this will give me more flexibility of implementing the requirements, OR it is recommended to use the build-in groups and role management that comes with asp.net?
Thanks
If the ability exists to maintain the active domain groups there is no reason to maintain a local groups table isinrole can be used for group access checks

ASP.NET Custom Role Provider - Additional Fields

I am faced with a security model problem when migrating my code to ASP.NET.
In the application:
There are multiple roles. (Role A, Role B etc)
There are multiple input/output fields. (Field A, Field B etc)
There are multiple permission levels controlling access to each field. (Read, Direct Edit, Edit With Approval, None)
Each role has its own permissions to fields. (Role A has Read Permission to Field A; Role B has Direct Edit permission to Field A etc)
Every role can be assigned to users and they are assigned by Geographic information. (User A is assigned to Role A for Continent: Europe - Country: Germany; User B is assigned to Role A for Continent: Europe - Country: France; User A is assigned to Role B for Continent: Europe - Country: France etc)
Users can have multiple roles
User identity is coming from Windows Authentication.
So my question/problem is: is it possible to represent this type of kind of multi-layered security model using ASP.NET internal membership/role providers?
If so, what should my starting point be? Creating only custom role provider with custom methods and fields be enough?
Even with the built in features of ASP.NET, the Membership Provider, and user controls, you will still have to write and manage the custom behaviors and interactions.
As example, the Membership Provider has easy ways for your to create roles and check for the existence of roles. But you will have to create the business specific dashboard call the features of the API that are appropriate to expose for your application. As example, at many of the organization that I have worked with role creation was a database only activity. User controls or site behaviors based on role were a code only activity. Managing which roles were assigned to users was a feature exposed via an admin page in the application. If a need for a new role was identified, it had to be first created by a DBA, then code/controls that were responsive to that role had to be written. After these items were deployed, application administrators could assign or remove roles to users.
To address you comment to your question, if you have Europe_Germany_RoleA, the Membership API provides methods for you to create that role, map it to a user, and to check for its existence on a particular user. like...
if(User.Roles.Contains("Europe_Germany_RoleA")) {
//your code here
}
but you would need to map that particular role to information or features specific to your application.
In retrospect, maybe what you really want to look at is the Profile Provider. Still part of the Membership set (Membership, Roles, Profiles), it is more designed to carry information. You could customize the Profile object to meet the needs of your application. For example, if you looked at this as Sectors (for lack of a better term) that could be loaded when the user logged in, you could do queries like...
if(Profile.Sectors.FirstOrDefault(sd=> sd.Name == "Europe_Germany_RoleA") != null) {
//bind to a grid, show a control, do something significant
}
and that might fit your problem better. Roles are truly only meant to act as flags (Does he have this role or not, then do something or dont), but the Profile object is designed to be customized to carry pertinent data for a user.
You can always extend it. The ASP.NET Membership model uses GUIDs as IDs for users and roles. You can add new tables that represent the added functionality and have them reference the original Membership tables.
Your problem is not in the role provider, or the membership system. This system is suitably flexible enough for your needs, and allows you to assign multiple roles to individual users. You can either use a SQL table to store these roles, or you can use Active Directory, AD is probably easier to manage the users with.
Your primary problem is going to be how you assign permissions to the fields and other objects. This means you can't just use standard drag and drop web forms, but will have to build your fields dynamically.
It's easy enough to check whether a user is in a role, this is a one-line call. But, your roles will likely not be hard coded, so you need a way to store fields and the roles associated with them, and a way to build the fields based on the users privileges.
EDIT:
Another option is to build the forms as if there was no security, then in your pre-render event go through and apply your security to each field, disabling and/or hiding fields you don't want the users to see. This may require relaying out the fields if you choose to hide them.

Web application role management

I am new to asp.net and developing an application where there will be some roles like (admin, entry user, maker, checker) one user can have all or can have partial roles based on the provided roles and the page should restrict functionality based on the user role.
What is the best way of implementing it without memberships in asp.net ..
thanks
How can define a role without membership? You have to know who they are in order to get their role, otherwise there is no point.

Resources