
I have a tree which is in a table named cartable. I want to use .NET Core Identity to grant some permissions on this tree, like these:

  1. Each Role has some permissions such as "Read Letter", "Create a Letter", "Delete a Letter" and so on.
  2. Each User may have one of the Roles on a Node of the Cartable table in a specific date, i.e. from 06/01/2019 to 05/10/2020.

Would you please help me with how to implement it? Should I use Claims, or do I have to customize the UserRole table of .NET Identity?

Thanks

  • Something like [this](https://stackoverflow.com/questions/48652426/implementing-custom-claim-with-extended-mvc-core-identity-user) SO question? – Jeroen Heier Jan 06 '19 at 06:28
  • How big do you expect the tree to grow to over time? Is it a fixed size or does it grow without bound over time? – GlennSills Jan 07 '19 at 19:01

1 Answer


Instead of having permissions based directly on roles, you can use Policy-based Authorization.

You could define a policy in startup for each of the permissions. Each policy can require a role, so you would still use roles. Each policy can also require a claim where you keep the date for each user, and the policy rule can validate that the date in the claim is not out of range.

In the controller actions that correspond to your nodes, you decorate the action method with the Authorize attribute and specify the policy name as shown in the linked documentation.

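```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Every action in this controller requires the "AtLeast21" policy to succeed.
[Authorize(Policy = "AtLeast21")]
public class AlcoholPurchaseController : Controller
{
    public IActionResult Login() => View();

    public IActionResult Logout() => View();
}
```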
Joe Audette
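
One way to implement the role-plus-date-claim policy described in the answer above, as an added example that is not the answerer's code or taken from the linked documentation. The claim types `grant_valid_from` / `grant_valid_to`, the `yyyy-MM-dd` format, the policy name `ReadLetter` and the role name `LetterReader` are assumptions made for illustration.

```csharp
using System;
using System.Globalization;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical claim types holding the grant window as yyyy-MM-dd (assumption, not from the post).
public static class GrantClaims
{
    public const string ValidFrom = "grant_valid_from";
    public const string ValidTo = "grant_valid_to";
}

public class GrantWindowRequirement : IAuthorizationRequirement { }

public class GrantWindowHandler : AuthorizationHandler<GrantWindowRequirement>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, GrantWindowRequirement requirement)
    {
        // Missing or malformed claims never call Succeed, so the policy denies by default.
        if (TryDate(context.User.FindFirst(GrantClaims.ValidFrom)?.Value, out var from) &&
            TryDate(context.User.FindFirst(GrantClaims.ValidTo)?.Value, out var to))
        {
            var today = DateTime.UtcNow.Date;
            if (from <= today && today <= to)
                context.Succeed(requirement);
        }
        return Task.CompletedTask;
    }

    // Strict, culture-independent parsing so "06/01/2019"-style ambiguity cannot occur.
    private static bool TryDate(string value, out DateTime date) =>
        DateTime.TryParseExact(value, "yyyy-MM-dd", CultureInfo.InvariantCulture,
                               DateTimeStyles.None, out date);
}

public static class AuthorizationSetup
{
    // Call from Startup.ConfigureServices; "ReadLetter" and "LetterReader" are sample names.
    public static void AddLetterPolicies(IServiceCollection services)
    {
        services.AddSingleton<IAuthorizationHandler, GrantWindowHandler>();
        services.AddAuthorization(options =>
            options.AddPolicy("ReadLetter", policy => policy
                .RequireRole("LetterReader")
                .AddRequirements(new GrantWindowRequirement())));
    }
}
```

The handler evaluates the date window on every request, but the claims themselves are captured at sign-in, so a grant changed or revoked in the database only takes effect once the user's claims are reissued.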