I am building an application where same page can be visited by multiple user of different roles, for example
Only thing that came in my mind so far is that I should make custom Html helpers where I will accept role as a parameter and check the role and accordingly add disable or enable classes to the control. Application will have hundreds of pages, but some pages might have different access to different roles. Please provide a solution where I can achieve this specific page & role base access control and without much compromising with performance.
Any help or suggestion will be appreciated. Thank you.
Do you really want to hide the controls that a user is not authorized to update?
Or simply show unauthorized error (return new HttpUnauthorizedResult();
) when they hit the save/update button. If you prefer the latter, here is one way of doing this:
[Authorize ("Roles="All Authorized X app")]
if(User.IsInRole("X Administrators"))
or if(User.IsInRole("X Reviewer"))