I am refactoring an application I am developing to apply good ASP.NET MVC practices, but I am having difficulty understanding Claims and how to use them to replace Session. When I log in to the application, I save some information in the session, as shown in the code below:
//
// POST: /Account/Login
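// Handles the login form post: validates the model, signs the user in through
// SignInManager and, on success, stores the user's id, profile and four
// per-profile visibility flags in Session before redirecting by profile.
//
// model     - posted credentials (UserName, Password, RememberMe).
// returnUrl - only forwarded to SendCode when verification is required; the
//             success path ignores it and redirects by profile instead.
//
// NOTE(review): the flags are kept in Session, which appears to be tracked
// separately from the sign-in cookie - confirm the logout path clears them
// (e.g. Session.Abandon()) so they cannot outlive the authenticated identity.
// NOTE(review): the flag names suggest UI-visibility toggles; presumably the
// actions behind them enforce their own authorization - verify.
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    // This doesn't count login failures towards account lockout.
    // To enable password failures to trigger account lockout, change to shouldLockout: true.
    // With lockout disabled, repeated password guesses are not throttled by this action.
    model.Email = model.UserName;
    var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
    switch (result)
    {
        case SignInStatus.Success:
            var user = await UserManager.FindAsync(model.UserName, model.Password);
            Session["UserId"] = user.Id;
            Session["PerfilUsuario"] = user.PerfilUsuario;

            // Each branch assigns all four flags; they are written to Session once,
            // after the switch, so no branch can leave a key untouched.
            bool setorVisivel;
            bool obraVisivel;
            bool tipoChamadoVisivel;
            bool selecionarResponsavelAbertura;
            switch (Session["PerfilUsuario"].ToString())
            {
                case "1": // Administrator
                    setorVisivel = true;
                    obraVisivel = true;
                    tipoChamadoVisivel = true;
                    selecionarResponsavelAbertura = true;
                    break;
                case "2": // SuperiorBRA
                    setorVisivel = false;
                    obraVisivel = true;
                    tipoChamadoVisivel = false;
                    selecionarResponsavelAbertura = false;
                    break;
                case "4": // User
                    setorVisivel = true;
                    obraVisivel = false;
                    tipoChamadoVisivel = false;
                    selecionarResponsavelAbertura = false;
                    break;
                case "3": // Technician
                case "5": // Manager
                case "6": // Site administrator ("Administrador da Obra")
                    setorVisivel = true;
                    obraVisivel = false;
                    tipoChamadoVisivel = true;
                    selecionarResponsavelAbertura = true;
                    break;
                default:
                    // Unknown profile. The flag below used to be left unwritten here,
                    // so a value stored in the same session by an earlier login could
                    // carry over to this user; deny it explicitly instead.
                    setorVisivel = true;
                    obraVisivel = false;
                    tipoChamadoVisivel = true;
                    selecionarResponsavelAbertura = false;
                    break;
            }

            Session["SetorVisivel"] = setorVisivel;
            Session["ObraVisivel"] = obraVisivel;
            Session["TipoChamadoVisivel"] = tipoChamadoVisivel;
            Session["SelecionarResponsavelAbertura"] = selecionarResponsavelAbertura;

            // Profiles 1 and 6 land on Home; every other profile lands on Chamado.
            if (user.PerfilUsuario == 1 || user.PerfilUsuario == 6)
            {
                return RedirectToAction("Index", "Home");
            }
            else
            {
                return RedirectToAction("Index", "Chamado");
            }
        case SignInStatus.LockedOut:
            return View("Lockout");
        case SignInStatus.RequiresVerification:
            return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
        case SignInStatus.Failure:
        default:
            // Same generic message for every failure, so the response does not
            // reveal which part of the credentials was wrong.
            ModelState.AddModelError("", "Invalid login attempt.");
            return View(model);
    }
}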
I would like to remove the use of the session and use Claims instead. I still have doubts about how Claims work, so I cannot see how to make the replacement. I would be very grateful to anyone who can help.