0

Is it possible to put users created from ASP.NET Identity Roles into an organisational unit as you can in Active Directory? I want to be able to allow users to be put into departments where managers of that department can access other users' data only within their own departments. For example, an HR manager should be able to access all of the HR employees' data but not operations or IT employees. I then want to allow managers higher up access to everyone's data. Do ASP.NET's roles and identity allow for this?

Should I use the claims to put users into departments and use policy to add people to management?

It should act as a tree structure, similar to what you can get in Active Directory. However, I cannot find an option in ASP.NET Identity that allows the option of organisations.

GolfBravo

1 Answer

0

Yes, it is possible. ASP.NET Identity allows you to use classes inherited from IdentityUser or IdentityRole.

For example, you can add support for a user hierarchy by creating a class that inherits from IdentityUser:

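using System.Collections.Generic;
using Microsoft.AspNetCore.Identity;

public class AppUser : IdentityUser
{
    // Foreign key to the user's manager; null for the user at the top of the hierarchy.
    public string ManagerId { get; set; }

    public AppUser Manager { get; set; }

    // Must be a property (not a field) for EF Core to map it as a navigation.
    public ICollection<AppUser> DirectSubordinates { get; set; }
}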

Then change your ApplicationDbContext to inherit from IdentityDbContext<AppUser> instead of from the default IdentityDbContext:

using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;

public class ApplicationDbContext : IdentityDbContext<AppUser>
{
    public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options)
        : base(options)
    {
    }
}

After changing the hierarchy, use the dotnet-ef tool to add a migration, then update your database.

You can also use a class inherited from IdentityRole as follows:

public class ApplicationDbContext : IdentityDbContext<AppUser, AppRole, string>

Here AppRole is a class inheriting from IdentityRole.

Sherif Elmetainy
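One way to enforce the manager-only access the question asks about on top of the ManagerId hierarchy, written as an added example that is not part of the original answer: an ASP.NET Core resource-based authorization handler that grants access only when the caller appears somewhere above the target user in the manager chain. It relies on the AppUser class from the answer; ManagesUserRequirement, ManagesUserHandler, the "ManagesUser" policy name and the MaxDepth limit are hypothetical names and values chosen for illustration.

```csharp
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;

// Hypothetical requirement: the caller must be a direct or indirect manager of the target user.
public class ManagesUserRequirement : IAuthorizationRequirement { }

public class ManagesUserHandler : AuthorizationHandler<ManagesUserRequirement, AppUser>
{
    private const int MaxDepth = 32; // assumed upper bound on hierarchy depth
    private readonly UserManager<AppUser> _users;

    public ManagesUserHandler(UserManager<AppUser> users) => _users = users;

    protected override async Task HandleRequirementAsync(
        AuthorizationHandlerContext context, ManagesUserRequirement requirement, AppUser target)
    {
        var callerId = _users.GetUserId(context.User);
        if (callerId == null) return; // no user id claim: never succeed

        // Walk upward from the target; the caller must appear in the chain.
        var seen = new HashSet<string> { target.Id };
        var managerId = target.ManagerId;
        for (var depth = 0; managerId != null && depth < MaxDepth; depth++)
        {
            if (managerId == callerId)
            {
                context.Succeed(requirement);
                return;
            }
            if (!seen.Add(managerId)) return; // cycle in ManagerId data: deny

            var manager = await _users.FindByIdAsync(managerId);
            managerId = manager?.ManagerId; // missing manager row ends the walk
        }
        // Falling through leaves the requirement unmet, so access is denied by default.
    }
}

// Registration (in ConfigureServices / Program.cs):
//   services.AddScoped<IAuthorizationHandler, ManagesUserHandler>();
//   services.AddAuthorization(o => o.AddPolicy("ManagesUser",
//       p => p.AddRequirements(new ManagesUserRequirement())));
// Check before returning a user's data (IAuthorizationService injected):
//   var result = await authorizationService.AuthorizeAsync(User, targetUser, "ManagesUser");
//   if (!result.Succeeded) return Forbid();
```

Because the check runs against the stored ManagerId chain on every request, moving a user to a different manager takes effect immediately, which a department claim baked into a sign-in cookie would not do until the cookie is reissued.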