3

In ASP.NET MVC Identity, the relation data for Users and Roles is saved in the AspNetUserRoles table. This table has two fields: UserId and RoleId, but I want to add other fields to this table, such as a department field.

So if a user logs in to different departments, he will have different roles. Does anyone know how to do it? Thanks in advance!

4
  • If you add a column to AspNetUserRoles table, it will require a lot of infrastructure changes including filters. Easiest way is to add roles with Department - Role Name. For example, HR Department - Manager. Commented Jul 10, 2015 at 18:03
  • 1
    Or create your own table with UserId, RoleId, DepartmentId. Commented Jul 10, 2015 at 18:06
  • Not sure how to model the 3 keys table using EF Code First. Any help would be appreciated. Commented Jul 17, 2015 at 0:01
  • Have you found any solution how to do that? Commented May 13, 2017 at 22:54

1 Answer

2

I would suggest you investigate ASP.NET user claims. You can assign different claims to a user with the identity manager, and based on the claim type of the user you will allow him access or not. Create a custom claims attribute which will be placed on top of the various controllers to authenticate the user. This must be implemented based on your needs. The custom attribute will then fire before the controller gets executed, and if the user is allowed he will pass; else return to an error page of your choice.

Sample Attribute usage

    [ClaimsAuthorize(ClaimsData.EditAddress)]
    public ActionResult CitiesPartial()

Attribute Authentication

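using System.Security.Claims;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

// Authorization filter that lets a request through only when the current user
// holds a claim of the given type with the value "True".
public class ClaimsAuthorizeAttribute : AuthorizeAttribute
{
    private readonly string _claimType;

    public ClaimsAuthorizeAttribute(string type)
    {
        _claimType = type;
    }

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        // Use the principal of the request being authorized; a missing or
        // non-claims principal is treated as not having the claim.
        var user = filterContext.HttpContext.User as ClaimsPrincipal;

        if (user != null && user.HasClaim(_claimType, "True"))
        {
            // Claim present: still run the standard [Authorize] checks.
            base.OnAuthorization(filterContext);
        }
        else
        {
            HandleUnauthorizedRequest(filterContext, _claimType + " Not Allowed ");
        }
    }

    // Redirects to Home/ClaimNotAuthorized. The message is passed as a route
    // value, so it ends up in the redirect URL; the target action should
    // treat it as untrusted input and encode it before display.
    protected void HandleUnauthorizedRequest(AuthorizationContext filterContext, string message)
    {
        filterContext.Result = new RedirectToRouteResult(
            new RouteValueDictionary
            {
                { "action", "ClaimNotAuthorized" },
                { "controller", "Home" },
                { "errorMessage", message }
            });
    }

    // Same check for use outside the filter pipeline.
    public static bool AuthorizedFor(string claimType)
    {
        var user = HttpContext.Current.User as ClaimsPrincipal;
        return user != null && user.HasClaim(claimType, "True");
    }
}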

Hope this helps.
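The attribute above tests one claim with the value "True"; for the per-department roles the question asks about, one option is a claim per (department, role) pair that is checked deny-by-default. This is an added example, not code from the answer or from ASP.NET Identity; the claim type URI, the `DepartmentRoles` class and the sample user are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Hypothetical names throughout: claim type URI, DepartmentRoles, sample user.
public static class DepartmentRoles
{
    // Assumed custom claim type; one claim per (department, role) pair.
    public const string ClaimType = "urn:example:department-role";
    private const char Separator = '|';

    // Build the claim; the separator is rejected so "A|B" + "C" cannot collide with "A" + "B|C".
    public static Claim Create(string department, string role)
    {
        if (string.IsNullOrWhiteSpace(department) || string.IsNullOrWhiteSpace(role))
            throw new ArgumentException("Department and role are required.");
        if (department.IndexOf(Separator) >= 0 || role.IndexOf(Separator) >= 0)
            throw new ArgumentException("Separator is not allowed in department or role.");
        return new Claim(ClaimType, department + Separator + role);
    }

    // True only when the user holds exactly this role in exactly this department.
    public static bool HasRole(ClaimsPrincipal user, string department, string role)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false; // deny by default for anonymous or missing principals
        string expected = department + Separator + role;
        return user.Claims.Any(c => c.Type == ClaimType &&
            string.Equals(c.Value, expected, StringComparison.Ordinal));
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample user: Manager in HR, Viewer in Finance.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "alice"),
            DepartmentRoles.Create("HR", "Manager"),
            DepartmentRoles.Create("Finance", "Viewer")
        }, "ApplicationCookie"); // non-empty authentication type => IsAuthenticated
        var user = new ClaimsPrincipal(identity);
        Console.WriteLine(DepartmentRoles.HasRole(user, "HR", "Manager"));
        Console.WriteLine(DepartmentRoles.HasRole(user, "Finance", "Manager"));
        Console.WriteLine(DepartmentRoles.HasRole(new ClaimsPrincipal(), "HR", "Manager"));
    }
}
```

Being a Manager in HR grants nothing in Finance, because the comparison is on the full department and role pair with an ordinal match.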
