I'm creating a system using ASP.NET MVC, and before I start I need to implement profile-based security. I will have several profiles, each with its own access options. For example: Administrator Profile (access to everything), Common Profile (restricted access), Advanced Profile (some administrative access), etc.
I thought about creating the profile, creating the modules (methods or controllers) for the profile, giving permissions to the profile through a boolean true / false, and then assigning the profile to the user. In my view this would be the simplest way to do it. However, I do not know how to check whether the method / controller is allowed by the profile before granting access. For example, writing down an account is something only the Administrator profile could do, while writing down a sale is something the Advanced profile could do as well as the Administrator.
How can I do this? What do you suggest?
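One way to implement the check described in the question, as an added example that is not part of the original post: a custom `AuthorizeAttribute` for ASP.NET MVC 5 (`System.Web.Mvc`) that looks up the current user's profile and its boolean flag for the requested module, denying by default. `ProfileStore`, `RequireModuleAttribute`, the module names and the user names are hypothetical, and the in-memory dictionaries stand in for database tables.

```csharp
using System.Collections.Generic;
using System.Web;
using System.Web.Mvc;
// Hypothetical store with constructed sample data: profile -> module -> allowed flag.
public static class ProfileStore
{
    static readonly Dictionary<string, Dictionary<string, bool>> Grants =
        new Dictionary<string, Dictionary<string, bool>>
        {
            { "Administrator", new Dictionary<string, bool> { { "Account.WriteDown", true },  { "Sale.WriteDown", true } } },
            { "Advanced",      new Dictionary<string, bool> { { "Account.WriteDown", false }, { "Sale.WriteDown", true } } },
            { "Common",        new Dictionary<string, bool>() }
        };
    static readonly Dictionary<string, string> UserProfile =
        new Dictionary<string, string> { { "alice", "Administrator" }, { "bob", "Advanced" } };
    // Deny by default: an unknown user, unknown profile or missing flag returns false.
    public static bool IsAllowed(string userName, string module)
    {
        string profile; Dictionary<string, bool> flags; bool allowed;
        return userName != null && UserProfile.TryGetValue(userName, out profile)
            && Grants.TryGetValue(profile, out flags)
            && flags.TryGetValue(module, out allowed) && allowed;
    }
}

public class RequireModuleAttribute : AuthorizeAttribute
{
    readonly string _module;
    public RequireModuleAttribute(string module) { _module = module; }
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // base.AuthorizeCore rejects unauthenticated requests before the profile lookup.
        return base.AuthorizeCore(httpContext)
            && ProfileStore.IsAllowed(httpContext.User.Identity.Name, _module);
    }
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Logged in but not permitted: answer 403 rather than redirecting to the login page.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}

public class SaleController : Controller
{
    [HttpPost, ValidateAntiForgeryToken, RequireModule("Sale.WriteDown")]
    public ActionResult WriteDown(int id) { return new HttpStatusCodeResult(204); }
}
```

The attribute is checked on the server for every request, so hiding a menu entry for a profile is only cosmetic; the flag lookup is what enforces access.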