My Google skills are failing me on this. I'm looking for the "right way" to do data-based entitlements in ASP.Net MVC (3).
Regular entitlements, where one just needs to know the user and the route, can be done with the [Authorize] attribute, but this doesn't appear to work with data-based entitlements b/c of the need to have a connection to the data store.
Is the obvious approach of inserting a check into the action methods the right way?
Is the obvious approach of inserting a check into the action methods the right way?
That's what I do.
    if (!userHasAuthorization)
        return View("Unauthorized");
It's by far the simplest way.
To make sure you only have to do "userHasAuthorization" once, you can put a method in your repository or service layer that checks for authorization, and use that in place of the boolean value userHasAuthorization.
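A sketch of the service-layer check described in the answer above, added here as an illustration and not code from either poster. The Document, DocumentService and DocumentsController names, the owner-only rule and the in-memory store are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Mvc;

// Hypothetical domain type: each document records the user who owns it.
public class Document
{
    public int Id { get; set; }
    public string OwnerName { get; set; }
    public string Body { get; set; }
}

// Hypothetical service layer; the dictionary stands in for the data store.
public class DocumentService
{
    private readonly Dictionary<int, Document> _store = new Dictionary<int, Document>
    {
        { 1, new Document { Id = 1, OwnerName = "alice", Body = "constructed sample" } }
    };

    public Document Find(int id)
    {
        Document doc;
        return _store.TryGetValue(id, out doc) ? doc : null;
    }

    // The single place where the data-based rule lives. Fails closed on a
    // missing record or an anonymous caller.
    public bool UserCanRead(string userName, Document doc)
    {
        return doc != null
            && !string.IsNullOrEmpty(userName)
            && string.Equals(doc.OwnerName, userName, StringComparison.OrdinalIgnoreCase);
    }
}

public class DocumentsController : Controller
{
    private readonly DocumentService _documents = new DocumentService();

    [Authorize] // coarse check: the caller must be signed in
    public ActionResult Details(int id)
    {
        Document doc = _documents.Find(id);
        // Data-based check against the record itself, before anything reaches the view.
        if (!_documents.UserCanRead(User.Identity.Name, doc))
            return View("Unauthorized");
        return View(doc);
    }
}
```

A missing record and a record owned by someone else produce the same response, so the action does not reveal which ids exist.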