ASP.NET Custom Role provider: Role depending on the context?

Question

I'm starting a new project, and I've a question about Custom role provider with ASP.Net MVC 3.

I need to have a role verification for several actions of my constructor, so I said me, okay easy, I can use the role provider.

The problem is that the role is depending of the current "context":

In fact users in my database are linked to several "entities", and have the role "A" for the entity X, and the role B for the entity Y. All data which will be displayed/edited are "childrens" of this entity

It's strictly separated: When we log in, we have to choose for which entity we want to work, and then, until we ask to change of entity, we will have only the data of this entity and rights of this entity.

The current "entity" will be stored in the session.

The goal is to have no unauthorized menu/action for the entity X, just because this right was allowed for user Y.

The problem is that in the role provider, I've no way to receive any context, I only receive the username.

So what you think I could do?(if it can help, the membership is also a custom membership provider).

Answer 1

To block access to those specific pages you could implement a RoleManagementFilter on the actions. This would then only allow users in employee role, admin role to access specific pages.

[RequiresEmployeeRole(Route = "Account", Action = "LogOn", Order = 1)]
Public ActionResult EmployeeSettings(){
    return View();
}

What the ActionFilter does is based on the role of the user requesting the page will either redirect them to the route and action you set Route = "Account", Action = "LogOn" or allow them in.

Below is part of the ActionFilterAttribute.

public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        string[] roles = Roles.GetRolesForUser();
        string userrole = "";

        if (roles.Length > 0)
            userrole = roles[0];

        if (Regex.IsMatch(userrole, Role))
            filterContext.HttpContext.Response.Redirect(redirectUrl(), true);
    }

I don't know how may entities you have, and if it is feasable or not, but if you were to create roles for each entity, attach users to those roles you could then base your restrictions on Actions if the user is in Roles.GetRolesForUser();

I found an MSDN article re action filters http://msdn.microsoft.com/en-us/magazine/gg232768.aspx that might help. There are plenty of examples out there hope that helps you out.