Question MVC policy groups and users privileges

[Ali Naser]

How to apply user access to some web pages from the layout web page based on user table which referenced the policy groups table contains the web forms.

 

[jmcilhinney]

You mention MVC in the title but Web Forms in the post. We need to know which it is in order to provide appropriate advice. I haven't used Web Forms in a long time - I recommend that you don't either - so I don't really know what the security protocols are there. In an MVC app, if you are using Microsoft Identity, which is built into ASP.NET, then you use the Authorize attribute on controllers and/or actions to specify which users and/or roles can invoke them, e.g.

 [Authorize(Users = "Betty, Johnny")]
 public ActionResult SpecificUserOnly()
 {
     return View();
 }

[Authorize(Roles = "Admin, Super User")]
public ActionResult AdministratorsOnly()
{
    return View();
}

That's C# code pilfered from elsewhere but it's the same attribute in VB.

 

[Ali Naser]

You mention MVC in the title but Web Forms in the post. We need to know which it is in order to provide appropriate advice. I haven't used Web Forms in a long time - I recommend that you don't either - so I don't really know what the security protocols are there. In an MVC app, if you are using Microsoft Identity, which is built into ASP.NET, then you use the Authorize attribute on controllers and/or actions to specify which users and/or roles can invoke them, e.g.

 [Authorize(Users = "Betty, Johnny")]
 public ActionResult SpecificUserOnly()
 {
     return View();
 }

[Authorize(Roles = "Admin, Super User")]
public ActionResult AdministratorsOnly()
{
    return View();
}

That's C# code pilfered from elsewhere but it's the same attribute in VB.

Dear Gentle,
Thank you very much for your help,
Please, let me describe to you the question briefly:
I have two database tables named as tblUsers and tblPolicyGroups so the second table contains its on primary key and foreign key related to the users table taking in the consideration the web forms are in the policy groups table as a boolean values accociated with administrators and senior managers and guests are members of the policy groups table so my question is how to make condition from the layout page in order to specify and restrict the users access based on their privileges.

Best regards,

Ali Naser
Software developer

 

[Ali Naser]

You mention MVC in the title but Web Forms in the post. We need to know which it is in order to provide appropriate advice. I haven't used Web Forms in a long time - I recommend that you don't either - so I don't really know what the security protocols are there. In an MVC app, if you are using Microsoft Identity, which is built into ASP.NET, then you use the Authorize attribute on controllers and/or actions to specify which users and/or roles can invoke them, e.g.

 [Authorize(Users = "Betty, Johnny")]
 public ActionResult SpecificUserOnly()
 {
     return View();
 }

[Authorize(Roles = "Admin, Super User")]
public ActionResult AdministratorsOnly()
{
    return View();
}

That's C# code pilfered from elsewhere but it's the same attribute in VB.

I am using the MVC technique so i want to restrict the views of the web page from the layout page based on predefined saved values of the user privileges as stored in the database.