I have been looking in how to setup asp.net core identity model, in order to give access to a user to specific data.
For example lets think that we have 10 different stores.
I want to be able:
Have several type of users for example a salesman and buyer.
How could I setup:
First buyer to have data access for store 1, 2 and 3.
Second buyer to have data access for store 3, 4 and 5.
Third buyer to have data access for store 6, 7, 8 and 9
First salesman to have access to store inventory of store 3, and 4.
Could anyone point me in the right direction?
Alberto
The AspNet Core Identity doesn't provide ways to enforce data access to concrete data, like a particular store, which means you have to implement this yourself. However, you can describe the supposed access in the identity models:
The default ASP.NET Core Identity models contain a claim-model, in which you can define your own claim types, like role and store. You can then associate these claims to your users:
User 1 Claims:
"role": "buyer"
"store": "1"
"store": "2"
"store": "3"
User 2 Claims:
"role": "salesman"
"store": "3"
"store": "4"
(This is simplified, but might be enough for you. One limitation in this particular model is, that a user can be assigned to a store only for ALL of his roles. If a user is buyer for store 1, and salesman for store 2 you run into ambiguity of what data he has access to. If that's a requirement, then you would have to specify the role per store in a different kind of claim type)
This doesn't enforce the data-access though. You need to come up with your own filters when doing any queries against your persisted data, whether they be in SQL, Mongo, redis or anywhere else.