Hi, I have developed the asp.net mvc + C# application. it has 2 users as Super admin, Admin and User. I want to manage the functionality as per their roles. I am managing the data in sql server database .How to manage this in asp.net mvc ? where shuold i have to write the code for this management ?
well, i can think of two options
u can use asp.Net's default sqlmembershipprovider and sqlRoleProvider to authenticate and authorize ur users. if u do so u have to incorporate its database with urs. in this case u only have to write
[Authorize(Role="Administrator")]
public ActionResult myAction(){}
in this case authorize attribute will only allow administrators to enter myAction actionresult. (check to see if there is administrator role in asp.net membership and role database). there are almost half dozen roles there but i have not used them)
the second option is to use ur own database for storing role information and writing ur own authorize attributes and decorating ur actionresults with them this question will help u understand how u can inherit from AuthorizeAttribute to write ur custom authoirzation logic