Using CLK.AspNet.Identity to provide role-based access control (RBAC)

Source: Internet
Author: User

Program code Download: Click here to download

Objective

ASP.NET Identity is an open source project contributed by Microsoft that provides the authentication and authorization mechanisms for ASP.NET. Among its functional modules, claims-based authentication provides the authentication mechanism and role-based authorization provides the authorization mechanism. After applying ASP.NET Identity to a system, the developer can define which roles a user belongs to and which roles can use which functions, as in the following example; once users have authenticated, they can use the system's functions according to their role authorization.

The ASP.NET Identity authorization mechanism can dynamically change which roles a user belongs to while the system is running, but it cannot dynamically change which functions a role can use. This is because in ASP.NET Identity the user-to-role settings are stored in the database and can be changed dynamically, while the role-to-function settings are defined in program code and cannot be changed at run time. Although this authorization mechanism already meets most development requirements, projects that need to change dynamically which functions a role can use cannot take advantage of ASP.NET Identity's rich authentication and authorization mechanisms.

    • Domain model

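    • Which functions a role can use

      using System.Web.Mvc;

      public class HomeController : Controller
      {
          // Only users in the Admin role may call this action.
          [Authorize(Roles = "Admin")]
          public ActionResult About() { return View(); }

          // Only users in the Guest role may call this action.
          [Authorize(Roles = "Guest")]
          public ActionResult Contact() { return View(); }
      }

    • Which roles a user belongs to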

This article introduces an authentication and authorization module designed and developed on top of ASP.NET Identity: CLK.AspNet.Identity. The module provides role-based access control (RBAC), which splits system authorization into User, Role and Permission. After applying CLK.AspNet.Identity to a system, the developer can define which roles a user belongs to, which permissions a role has, and which functions a permission can use, as in the following example; once users have authenticated, they can use the system's functions according to their role permissions.

In addition to keeping the claims-based authentication mechanism inherited from ASP.NET Identity, the CLK.AspNet.Identity authorization mechanism can also dynamically change the authorization settings stored in the database while the system is running: which roles a user belongs to and which permissions a role has. This makes the system's authorization settings more flexible and meets the needs of more users.

    • Domain model

    • Which functions a permission can use

      using System.Web.Mvc;

      public class HomeController : Controller
      {
          // Requires the AboutAccess permission, resolved at run time.
          [RBACAuthorize(Permission = "AboutAccess")]
          public ActionResult About() { return View(); }

          // Requires the ContactAccess permission, resolved at run time.
          [RBACAuthorize(Permission = "ContactAccess")]
          public ActionResult Contact() { return View(); }
      }

    • Which roles a permission belongs to

    • Which roles a user belongs to

Installation
    1. First, start Visual Studio and create a completely empty ASP.NET Web application.

    2. Then open the NuGet management tool, and search for and install "CLK.AspNet.Identity.Mvc Template".

    3. Installation takes some time and you can see that the necessary files have been added to the project after the installation is complete.

    4. Once CLK.AspNet.Identity is installed, press the Execute button in Visual Studio to see the preset home page in the browser.

Change permissions for a role
    1. Log in with the preset Guest account (Id: [email protected], pw: guest) and click the page menu button About. Because [email protected] belongs to the Guest group and the Guest group does not have the AboutAccess permission, you receive a 403 access-denied page.

    2. Log in with the preset Admin account (Id: [email protected], pw: admin) and click the page menu button PermissionsAdmin to open the permission management page. Edit the AboutAccess permission so that the Guest group has it.

    3. Log in again with the preset Guest account (Id: [email protected], pw: guest) and click the page menu button About. Because the Guest group now has the AboutAccess permission, you can browse the About page.

Changing the user's role
    1. Log in with the preset Guest account (Id: [email protected], pw: guest) and click the page menu button Contact. Because [email protected] belongs to the Guest group and the Guest group does not have the ContactAccess permission, you receive a 403 access-denied page.

    2. Log in with the preset Admin account (Id: [email protected], pw: admin) and click the page menu button UsersAdmin to open the user management page. Edit the [email protected] user and add [email protected] to the Admin group.

    3. Log in again with the preset Guest account (Id: [email protected], pw: guest) and click the page menu button Contact. Because [email protected] now belongs to the Admin group and the Admin group has the ContactAccess permission, you can browse the Contact page.

Adding a new system permission
    1. Go back to Visual Studio to add a new function. First add a new action, News, to HomeController, set it to require the NewsAccess permission, and add the corresponding changes in the Views.

      public class HomeController : Controller
      {
          // Requires the NewsAccess permission, which must also be registered in the permission management page.
          [RBACAuthorize(Permission = "NewsAccess")]
          public ActionResult News()
          {
              ViewBag.Message = "Your news page.";
              return View();
          }
      }

    2. Press the Execute button in Visual Studio. The preset home page appears in the browser, and it now contains a page menu button called News.

    3. Log in with the preset Guest account (Id: [email protected], pw: guest) and click the page menu button News. Because the NewsAccess permission has not been set up in the system, you receive the "permissionname not Found." error message page.

    4. Log in with the preset Admin account (Id: [email protected], pw: admin) and click the page menu button PermissionsAdmin to open the permission management page. Add the NewsAccess permission and let the Guest group have it.

    5. Log in again with the preset Guest account (Id: [email protected], pw: guest) and click the page menu button News. Because the Guest group now has the NewsAccess permission, you can browse the News page.
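
The three walkthroughs above can be replayed against a small in-memory model of the User, Role and Permission decision. This is an added example, not code from CLK.AspNet.Identity: the RbacStore and Decision types, the "guest-user" name and the initial grants are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Illustrative model only: type and member names are assumptions, not CLK.AspNet.Identity's API.
public enum Decision { Allow, Forbidden403, PermissionNotFound }

public class RbacStore
{
    // Both mappings are data (the article keeps them in the database), so they can change at run time.
    public readonly Dictionary<string, HashSet<string>> UserRoles = new Dictionary<string, HashSet<string>>();
    public readonly Dictionary<string, HashSet<string>> PermissionRoles = new Dictionary<string, HashSet<string>>();

    public Decision Check(string user, string permission)
    {
        HashSet<string> grantedTo, roles;
        // A permission named in code but never registered is a configuration error, never an implicit allow.
        if (!PermissionRoles.TryGetValue(permission, out grantedTo)) return Decision.PermissionNotFound;
        // Unknown user or no matching role: fail closed.
        if (!UserRoles.TryGetValue(user, out roles)) return Decision.Forbidden403;
        return roles.Overlaps(grantedTo) ? Decision.Allow : Decision.Forbidden403;
    }
}

public static class Program
{
    public static void Main()
    {
        var store = new RbacStore();
        // Constructed sample data; "guest-user" is a placeholder for the preset Guest account.
        store.UserRoles["guest-user"] = new HashSet<string> { "Guest" };
        store.PermissionRoles["AboutAccess"] = new HashSet<string> { "Admin" };
        store.PermissionRoles["ContactAccess"] = new HashSet<string> { "Admin" };

        // Change permissions for a role: grant AboutAccess to Guest, check before and after.
        Console.WriteLine("About before grant:   " + store.Check("guest-user", "AboutAccess"));
        store.PermissionRoles["AboutAccess"].Add("Guest");
        Console.WriteLine("About after grant:    " + store.Check("guest-user", "AboutAccess"));

        // Change the user's role: add the user to Admin, which already holds ContactAccess.
        Console.WriteLine("Contact before move:  " + store.Check("guest-user", "ContactAccess"));
        store.UserRoles["guest-user"].Add("Admin");
        Console.WriteLine("Contact after move:   " + store.Check("guest-user", "ContactAccess"));

        // New permission: NewsAccess is referenced by the action before anyone registers it.
        Console.WriteLine("News before register: " + store.Check("guest-user", "NewsAccess"));
        store.PermissionRoles["NewsAccess"] = new HashSet<string> { "Guest" };
        Console.WriteLine("News after register:  " + store.Check("guest-user", "NewsAccess"));
    }
}
```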
