0

I am hoping to create some secure areas of my MVC application, I understand how users can register, login etc with the out of the box views controllers etc.

One thing that seems to be lost on me is a way to manage these users after they register. Some things I would like to be able to do:

  1. Assign roles to users
  2. C-R-U-D users
  3. C-R-U-D roles

Is this all functionality I have to build myself or am I just missing something here? Everything I have found lends itself to writing code to do all these things, but it seems as though these are standard enough that they should exist.

BlueBird
  • 1,406
  • 4
  • 24
  • 35

1 Answers1

1

it's very simple. if you take a look at your auto-generated DB for users, you will see that it already contains tables for roles etc. so everything was already prepared for generic use, you just need to define the basics and use it.

You can first try to play with it a bit by adding values manually to the DB tables, just to get the feel of how it works.

  1. define a role
  2. assign users with that role
  3. now depending on your use, whether you'd like to allow\block access to action or entire controllers just set this for example above a action or class [Authorize(Roles = "Admin")].

  4. in addition to (3) you can also make decisions in the server side (C# and cshtml) according to the user roles, by using:

    var userManager = new UserManager(userStore);

    if(userManager.IsInRole(user.Id, "Admin")){...}

read more in this link, it goes over the CRUD actions - define and use.

LiranBo
  • 2,054
  • 2
  • 23
  • 39