发表新帖
发表新帖

ASP.NET: Permission/authentication architecture

前端 未结
关注
5 1208
天涯浪人
天涯浪人 2021-02-08 23:29

I am looking into building an authentication in my ASP.NET application with the following requirements.

  • A user has exactly one Role (i.e. Admin, S
5条回答
  • 你的背包
    你的背包 (楼主)
    2021-02-08 23:58

    I would build the user/role relationship so users can have more than 1 role. I see a 1-1 relationship and I get nervous because I know that even if we don't see a need for it now, someone is someday going to want someone to be both a Sales user and a Customer Service user.

    In our customer system, we use roles to layer on stuff like "delinquentCustomer." That way, the original permissions are still valid--as soon as they pay their bill. Worth considering this approach.

    0 讨论(0)
 看不清?
提交回复
热议问题