I'm researching how to implement access control in my web application.
I'm using ASP.NET MVC with Identity; the idea is that a certain user can only access a certain page.
So, in my search I saw that we can use AuthorizeAttribute: first, we can define it only as [Authorize], where only authenticated users can access the method in question.
Also, I noticed that we can use [Authorize(Roles="Administrators")], where only users who satisfy this condition will be able to access the method in question.
But how do I define these Roles? Searching StackOverflow, I found an answer about "Asp.Net Identity, how to use only Roles or Claims?", which has already clarified some doubts.
Also, searching the internet, I found some people saying that they have to set this up in web.config, ref: Managing Authorization Using ASP.NET Roles.
So this gave me a lot of confusion:
- Which template is correct?
- Are there advantages or disadvantages between one and the other?
- Which model uses the identity tables, i.e. SQL Server?