I'm using Identity and I can manage the roles and authorization. My question is, how would you limit the usage from the plans, as with the "Authorize" atribute I can only limit full access to the action/controller?
My authorization is dynamic and I plan to add as many plans as needed and edit them in a control panel I created.
Example of what I want to achieve:
U just need a Role-Based Auth. U can do those things with Claims
.
That's the link for you
For a example, if user has a Gold plan you can give him a GoldRole and u can give him a as much role as you want it to be. If the user has Gold role so he can do those actions ;
[Authorize(Roles = "Customer")]
public IActionResult Profile()
{
int userID = getCurrentUser();
var currentUser = _unitofworkShoppingUser.RepositoryShoppingUser.GetCurrenUserProfile(userID);
var profileViewModel = new ProfileViewModel
{
ShoppingUsers = currentUser
};
return View(profileViewModel);
}
In that code im reflecting user profile page but im only doing that when the user authenticated with a Customer role. It's gonna only work when the user has Customer
role.
It's so flexible, permission-based auth a little bit complicated.