How to perform access permissions via AuthorizeAttribute

1

I'm researching how to implement access control in my web application.

I'm using Asp.Net MVC with identity, the idea is that a certain user can only access a certain page.

So, in search I checked that we can use AuthorizeAttribute , first we can define only as [Authorize] , where only authenticated users can access the method in question.

Also, I noticed that we can use [Authorize(Roles="Administrators")] where only users who satisfy this condition will be able to access the method in question.

But how do I define these Roles ? in research by StackOverFlow, I found an answer about: Asp.Net Identity, how to use only Roles or Claims? , which has already clarified some doubts.

Also, on the internet search, I found some people saying that they have to set up in web.config , ref: Managing Authorization Using ASP.NET Roles ?

So this gave me a lot of confusion:

  • Which template is correct?
  • Do you have advantages, or disadvantages between one or the other?
  • Which model uses the identity tables ie SQL Server?

    
asked by anonymous 27.10.2016 / 18:31

0 answers