ASP.NET custom Authentication and Authorization

I am having a web project where it is required to define specific user rights to either a whole page or a single action. Users are going to be divided into three pre specified roles ('Sysadmin', 'Admin', 'User').

Only the 'Sysadmin' may register other users and give them a role. So there will be a registration page that only a sysadmin will be able to access.

Then the users will be able to access a page after logging in. This page has several buttons. These buttons should depend on if the user is in role 'Admin' or 'User'. The admin can see or press all the buttons, but the simple user may do so only with some of them.

The project has been built in a DB first way. The db already has a Roles and a Users tables, as defined below:
CREATE TABLE [dbo].[Users](
	[UserId] [int] IDENTITY(1,1) NOT NULL,
	[Id] [uniqueidentifier] NULL,
	[UserName] [nvarchar](50) NOT NULL,
	[Password] [nvarchar](50) NOT NULL,
	[RoleId] [int] NULL,
 CONSTRAINT [PK_Users] PRIMARY KEY CLUSTERED 
(
	[UserId] ASC
)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY]

Open in new window

CREATE TABLE [dbo].[Roles](
	[Id] [uniqueidentifier] NULL,
	[RoleId] [int] IDENTITY(1,1) NOT NULL,
	[Name] [varchar](10) NULL,
 CONSTRAINT [PK_Roles] PRIMARY KEY CLUSTERED 
(
	[RoleId] ASC
)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY]

Open in new window


The roles table is prepopulated with the three roles.
The users table is prepopulated with the sysadmin role.

I need to know, if i create a new web project in VS 2013 adding the 'Individual User Accounts' template, what changes do i need to make in order to:
Point the accounting process to my current db
Add custom maintenance for Users
Add custom maintenance forRoles (this might be needed for future reference.
).

Thanks a lot,
Giannis
LVL 23
Ioannis ParaskevopoulosAsked:
Who is Participating?
 
Ted BouskillSenior Software DeveloperCommented:
What you have asked for is possible and built in with many good examples.  This guy John Atten has written a number of great articles on the topic: ASP.NET MVC and Identity

This page is a jumping point: ASP.NET Identity

Based on how simple your model is, I'd recommend using the built in features.
0
 
Ioannis ParaskevopoulosAuthor Commented:
Nice readings you got there.

Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.