This is an ASP.NET MVC 5 application using Identity and EF.
EDIT
Entities:
ADMIN: Web site administrators. All of them would have an admin role and other roles depending on the resources they can access iwithin the administration panel.
USERS: Common users. The could access to their private panel to edit their profiles and access some services.
TEAMS: Work teams. A work team consist in a group of users and one user can be in many different work teams.
Scenario:
I'd like to have 3 different login pages: administration panel, one for the common users and another one for the work teams.
How can I have 3 different login pages since Identity allows you to set just one?
I'm thinking to have a user as the admin of each work team. That user can get into the work team private zone, but how can I do that?
Also, that user can give rights to other users in the work team to get into the work team zone.
So on the work team private zone I have to controll not only the user logged but also the work team id to show its data.
Thanks in advance.
Related
I have an application that uses a client table, a company user table and an admin user table to manage companies. Companies have an admin area where they manage their users with roles of what their users can do, and a level above that the admin manages users that have their roles for managing all companies.
The question is: I want to use asp.net identity with authorize and roles in the appropriate controllers. Is there a way to integrate the existing user tables and roles for all three levels of users?
you can create a referrence table with many to many relationship to the asp.net users table like the below:
1- ASP.NET Users (The one Identity provider will give you)
2- Custom Table called (CompanyUsers) that takes the company ID and User ID
3- all tables linked to the above custom table
I am working on an Intranet Asp.net mvc with windows authentication enabled. I am building an asset management application, and I need to define user groups and security roles. For example I have a group that contains senior HR employees; this group will be linked to a security role. The security role will allow for example to add new vehicles, but only allow reading the information about IT assets such as PC, etc.
But since I am working on intranet and the users exists in the Active Directory, and I want to link the user groups to customize security role. So is it a recommended approach to use my own userGroups table and securityRole table to store the information about the user groups and their security roles.
Currently I only use the users from AD , but stores the info about user groups and security roles inside my custom tables. As this will give me more flexibility of implementing the requirements, OR it is recommended to use the build-in groups and role management that comes with asp.net?
Thanks
If the ability exists to maintain the active domain groups there is no reason to maintain a local groups table isinrole can be used for group access checks
I'm trying to implement some role-based functionality in my web application (.NET 4.0.3) so that I can control what menu items users can see based on their roles, either Administrator or User.
I'm simply using existing AD groups to administer the roles. Let's say there is a team in my organisation that is represented by an AD group called IT-Managers, and there is another team with AD group IT-Support. I simply want to map IT-Managers as Administrator and IT-Support as User.
I can easily use WindowsPrincipal.IsInRole() to check whether the currently logged-in user belongs to either group, but how do I tell the application that the logged-in user holds the Administrator role or the User role, therefore sitemap security trimming can pick this up?
By implementing your custom Role Provider. Once implemented you can easily use the ASP.NET role provider framework....
Roles.IsUserInRole("Admin");
Roles.GetUsersInRole("Users");
etc.
You can implement a Role Provider by implementing the RoleProvider abstract class or by extending an existing one such as SqlRoleProvider. There's a lot of extensive documentation out there. I'll paste a couple of links
http://msdn.microsoft.com/en-us/library/aa478950.aspx
http://www.codeproject.com/Articles/28546/Active-Directory-Roles-Provider
Is it possible to manualy update user roles with Symfony2?
In my application, users are able to handle many companies. For each of them, they have different rĂ´les.
At login time, I'd like to give them the roles of their default company and when they switch of company, I'd like to remove the previous roles and add the ones of the new company.
Yes it is possible. But i wouldn't advise you to dynamically remove and add roles on an company switch as it could lead to an security issue. If you want to use the basic role system you could create roles prefixed by company name (this is an bad idea if you have many companies). Or upgrade your security context to use ACLs. Maybe the simplest solution is to create an user for each company with the same credentials (or no creadentials if you manage the user switch) and different roles.
As far as I can see you should consider developing an own role system that meets your multi company requirement.
The customers (clients) of an ASP.NET webapplication are companies and each company may have many users that have access to the site.
So, for instance CompanyA subscribes to the site to consume the site's services. Immediately a superuser of that company is created. Then, this supersuser has the permission to create more users of CompanyA that have access to the site.
So, in general, each user is identified by a CompanyName and a UserName.
Typical ASP.NET forms authentication provides automatic login and register functionality but only with Username and Password fields.
Does the .NET framework provides a way to include a CompanyName and CompanyPassword fields in the Login and Register controls?
A company and the initial superuser may also be registered in the system by the Site's administrator.
Actually what I would like is to include a CompanyName field in the provided .NET Login control, and not only Username and Password.
Is there a .NET framework way to do this, or do I have to custom-code it? In the latter case, which is the best practice?
Your scenario should NOT require a company name at all. So long as the username is a unique column, you should be able to lookup to which company does the user belong to. All you need is a user_company table which will link usernames to company ids. Once the super user is created, you know the company he belongs to and when he creates a user, you also know which company that user will belong to. On the login page you still only need to ask for username and password only; that's of course, if you don't want to allow users from different companies with the same username, which I think is reasonable and a good trade off for simplicity.
You can use any pre-existing or planned authentication scheme you want with ASP.Net Forms authentication.
See this (overly simplified) example from MSDN where you can even hard code the auth scheme if you so choose - not that you should, but it gives you the overall idea.
ASP.net Membership is provided to you by Microsoft if you want to use it (you don't have to). It has all the scaffolding you need if you use it (including the database you mention) and is used by Forms Authentication by default (not exclusively).