I have an ASP.NET MVC website providing various admin functions. It's internal and uses Windows authentication to manage different roles' access to various controllers and actions.
In order to achieve this I have decorated the various objects with [Authorize(Roles="")].
This project is now quite mature, and a search reveals I have used the attribute nearly 60 times - I'm now at the point where this is starting to feel insecure, and I need a way to effectively manage who has access to what.
So what I really want to build is a site map type page that lists all views on the site with a list of roles that can access each view listed alongside.
I have searched but can't seem to find how to start - any pointer would be greatly received - thanks.
If you're feeling insecure about not having all controllers/controller actions managed, something you could look at is Fluent Security.
It allows security to be specified in a centralized space and in a way that is readable.
There's a good tutorial on it here.
It won't give you your site map type page, but may give you some peace of mind.
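
As an added example (not part of either post above, and not Fluent Security's API): a reflection pass over the web assembly that builds the controller/action-to-roles listing the question describes. `ActionAccess`, `AuthorizationAudit` and `Describe` are hypothetical names; it assumes ASP.NET MVC 4 or later (for `AllowAnonymousAttribute`) and the stock `System.Web.Mvc.AuthorizeAttribute`.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;
public class ActionAccess { public string Controller, Action, Access; } // hypothetical row type
public static class AuthorizationAudit // hypothetical helper, not a framework class
{
    public static List<ActionAccess> Describe(Assembly webAssembly)
    {
        var rows = new List<ActionAccess>();
        foreach (var type in webAssembly.GetTypes()
                     .Where(t => typeof(Controller).IsAssignableFrom(t) && !t.IsAbstract))
        {
            // Approximates MVC's action discovery: public instance methods declared
            // below Controller in the hierarchy, minus anything marked [NonAction].
            var actions = type.GetMethods(BindingFlags.Public | BindingFlags.Instance)
                .Where(m => !m.IsSpecialName
                         && m.DeclaringType.IsSubclassOf(typeof(Controller))
                         && !m.IsDefined(typeof(NonActionAttribute), true));
            foreach (var action in actions)
            {
                // [AllowAnonymous] on either level switches [Authorize] off.
                bool anonymous = type.IsDefined(typeof(AllowAnonymousAttribute), true)
                              || action.IsDefined(typeof(AllowAnonymousAttribute), true);
                // Every [Authorize] on the controller and on the action must pass.
                var required = type.GetCustomAttributes(typeof(AuthorizeAttribute), true)
                    .Concat(action.GetCustomAttributes(typeof(AuthorizeAttribute), true))
                    .Cast<AuthorizeAttribute>().Select(a => Requirement(a)).ToList();
                rows.Add(new ActionAccess
                {
                    Controller = type.Name, Action = action.Name,
                    Access = anonymous ? "anonymous ([AllowAnonymous])"
                           : required.Count == 0 ? "NO [Authorize] ATTRIBUTE"
                           : string.Join(" AND ", required)
                });
            }
        }
        return rows;
    }
    // Within one attribute, Roles is an "any of" list; a Users list must match as well.
    static string Requirement(AuthorizeAttribute a)
    {
        var parts = new List<string>();
        if (!string.IsNullOrWhiteSpace(a.Roles)) parts.Add("roles: " + a.Roles);
        if (!string.IsNullOrWhiteSpace(a.Users)) parts.Add("users: " + a.Users);
        return parts.Count == 0 ? "any authenticated user" : string.Join(" and ", parts);
    }
}
```

Call it with `typeof(SomeController).Assembly` and render the rows from an action that is itself restricted to administrators. Filters registered globally, and custom authorization filters that do not derive from `AuthorizeAttribute`, are not visible to this reflection pass and need to be reviewed separately.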