From the course: ASP.NET MVC 5 Identity: Authentication and Authorization
Unlock the full course today
Join today to access over 22,500 courses taught by industry experts or purchase this course individually.
Role-based authorization
From the course: ASP.NET MVC 5 Identity: Authentication and Authorization
Role-based authorization
- [Narrator] Using simple authorization in most cases would not be helpful. Especially if you are building a complex application because that way you are just checking if the user is logged in or not. And with simple authorization, users of different roles will be able to see the same resources. In an organization different people have different roles. Some are administrators, some are managers, and others belong to other roles. In a real world application, this is something that we need to take care of. So, basically, a user that belongs to the role employee, should not see the same resources as a user that belongs to the role manager or administrator. How these roles are created and managed depends on the backing store of the authorization process. So now, let us go to our home controller. For that, click the Solution Explorer, Controllers Folder, Home Controller. Now, if I change the authorize attribute in here to (roles = "Administrators"), (typing) what this means is that, all…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.