In my database I have some users and their roles. I can authenticate the user based on the user input. Now I want to retrieve the roles from the database and authenticate the user based on the role for every Controller.
Asked
Active
Viewed 127 times
1 Answers
0
Authentication and Authorization are two different things. If you want to Authorize someone based on a role then you can decorate a class or method with something like this:
[Authorize(Roles = "admin")]
this way the controller will reject anyone that does not have an admin role.
Newer versions of MVC have better options for authorization and authentication, but this is what is commonly used in MVC3.
Chad McGrath
- 1,561
- 1
- 11
- 17
-
That is fine but how can I compare the user as a "Admin" while retrieve the details from the database. Roles.GetRolesForUser(User.Identity.Name) something like this – Jegadeesh Mar 03 '14 at 17:46
-
1You don't, the attribute handles that. It makes sure that the logged on identity has a role of type 'admin'. I'm not completely sure on what else you're trying to accomplish, but yes, you can get all of the roles for the user with the method you mentioned, if you don't provide any parameters it gets roles for the current user. – Chad McGrath Mar 03 '14 at 18:49