Tags: c#, security, authorization, asp.net-identity, razor-pages

Role hierarchy in ASP.NET Identity?


Is there a recommended/built-in way to implement Role hierarchies in ASP.NET Identity? I have four roles: Master, Admin, Manager, and Restricted. I want to develop a safe method for determining which Roles have access to certain functions. For example, I don't want Admins to be able to edit or create users with a Master role, but they should be able to edit both Manager and Restricted users.

One solution I thought of would be to make an enum as follows:

    public enum Roles
    {
        Master = 64,
        Admin = 16,
        Manager = 4,
        Restricted = 1
    }

And then use comparison operators to determine who is of a higher authorization level.

The problem with this is that it feels like I am beginning to write my own Auth system and would rather leave as much as possible to the security professionals who wrote Identity.

Is there an accepted and safe way to implement Role Hierarchies in ASP.NET Identity?


Solution

  • What you are actually trying to do is manage permissions. You could use Roles for that - if your permission groups are fairly straightforward, but real life is not normally like that. The recommended solution is to use a Claims-based approach, where you can assign individual actions as claims to a user's identity, and then query the current user to see if they have the requisite claim before they are permitted to perform an action.

    https://learn.microsoft.com/en-us/aspnet/core/security/authorization/claims?view=aspnetcore-8.0
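As an added example (not code from the answer or from the Microsoft docs), this is one way to combine the claims-based approach with the asker's ranking idea using ASP.NET Core's resource-based authorization: a handler that succeeds only when the caller holds a `users.edit` claim and outranks the user being edited, so an Admin can edit Managers and Restricted users but not Masters. The `permission` claim type, the rank table and the `TargetUser` record are assumptions for illustration.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;

// Resource passed to the authorization check: the user being edited (assumed shape).
public sealed record TargetUser(string Id, string Role);

// Requirement: "may the caller manage this target user?"
public sealed class CanManageUserRequirement : IAuthorizationRequirement { }

public sealed class CanManageUserHandler
    : AuthorizationHandler<CanManageUserRequirement, TargetUser>
{
    // Hypothetical ranking; only the relative order matters.
    private static readonly Dictionary<string, int> Rank = new()
    {
        ["Restricted"] = 1, ["Manager"] = 2, ["Admin"] = 3, ["Master"] = 4
    };

    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context,
        CanManageUserRequirement requirement,
        TargetUser target)
    {
        // Fine-grained permission claim issued at sign-in (claim type is an assumption).
        bool hasEditClaim = context.User.HasClaim("permission", "users.edit");

        // Highest rank among the caller's role claims (Identity emits ClaimTypes.Role).
        int callerRank = context.User.FindAll(ClaimTypes.Role)
            .Select(c => Rank.GetValueOrDefault(c.Value, 0))
            .DefaultIfEmpty(0).Max();

        // An unknown target role is treated as the highest rank, so it is denied.
        int targetRank = Rank.GetValueOrDefault(target.Role, int.MaxValue);

        // Strictly higher rank required: Admin -> Manager/Restricted ok, Admin -> Master denied.
        if (hasEditClaim && callerRank > targetRank)
            context.Succeed(requirement);

        // Not calling Fail() leaves the decision to other handlers; with no
        // successful handler the policy evaluates to denied.
        return Task.CompletedTask;
    }
}

// Program.cs registration:
// builder.Services.AddAuthorization(o => o.AddPolicy("CanManageUser",
//     p => p.AddRequirements(new CanManageUserRequirement())));
// builder.Services.AddSingleton<IAuthorizationHandler, CanManageUserHandler>();
//
// In a Razor Page handler, with IAuthorizationService injected as _authz:
// var result = await _authz.AuthorizeAsync(User, new TargetUser(id, role), "CanManageUser");
// if (!result.Succeeded) return Forbid();
```

Because the check runs server-side against the target resource on every request, hiding the edit button in the UI is not what enforces the rule; the policy is.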