3

I used Asp.net Identity in an enterprise web application (mvc) with role and group based permissions management. Now I have to add a new entity as geography to divided users in different provinces or regions to authorized users access. I mean every user can fetch his/her province or region data in pages. Is there a best practice for this purpose? Or can any one guide me about this subject?

thanks.

Update: I have a simple design in my mind like this.(I could not attached the image here.)

SeeSharp
  • 608
  • 1
  • 13
  • 21
  • is this question about the political question "which data should a certain user see" (i.e. based on ip adress, adress.zip-code, the department the user works for, ....) or about how to implement the access-logic? – k3b Apr 11 '16 at 14:55
  • @k3b i actually want find a good and efficient design for this matter with less issues and changing in the future. I'm not interesting to redesign it after a while. – SeeSharp Apr 11 '16 at 20:10

3 Answers3

3

The way that users are distinct to regions is base on their IP address. So you read their IP and then base on this IP you attach him with a country/region.

Now there are some free and commercial databases that gives you this connection Ip with region and here is how to do it from some other answer:

geolocating an IP address

Community
  • 1
  • 1
Aristos
  • 66,005
  • 16
  • 114
  • 150
  • Thanks for your answer. you'r right in region aspect, but there is an issue in divided users based on province. Users in a province have the same ip? isn't it? – SeeSharp Apr 11 '16 at 09:20
  • The answer provided in the link is 4 years old. Are those databases still up-to-date, or did you come across any better one? Thanks! – Win Apr 11 '16 at 14:50
0

If i had to implement this i would add categories to users and regional data: Example:

  • user Peter Smith, Category: NorthGermany
  • user Susan Brown, Category: NorthGermany,SouthGermany
  • regional data: Store Hamburg, Category NorthGermany
  • regional data: Store Munich, Category SouthGermany

The user is only allowed to see those regional data where he or she has categories for.

Peter can see the hamburg store while susan can see hamburg and munich

k3b
  • 14,517
  • 7
  • 53
  • 85
0

I've developed a claims based security framework for covering all my needs in security layer as user, group and claim manager with row level security also. I could cover geo authorize with rls concept in my project. You can find it in GitHub to check the source and use it.

SeeSharp
  • 608
  • 1
  • 13
  • 21