In ASP.NET MVC 4 I see that there is an [Authorize] attribute and now a corresponding [AllowAnonymous] attribute that can easily let you require authentication to access specific controller actions.
What I need is true multi tenancy though. Each user can access only their own records, and all records other than the user accounts should be owned by individual users.
In Hobo (http://hobocentral.net) which is a Rails plugin, this was easily accomplished by adding the following line of code in my ApplicationController:
    before_filter :login_required, :except => [:login, :signup, :do_signup, :activate]
And then in my model:
    belongs_to :owner, :class_name => "User", :creator => true

    # --- Permissions --- #
    def create_permitted?
      acting_user == owner || !owner_changed?
    end

    def update_permitted?
      acting_user == owner || !owner_changed?
    end

    def destroy_permitted?
      acting_user == owner || !owner_changed?
    end

    def view_permitted?(field)
      owner_is? acting_user or new_record?
    end
And finally in my model's controller:
    def index
      hobo_index current_user.modelName
    end
Does something so simple and elegant exist or is built into ASP.NET MVC? So far I've found several ways to implement multi tenancy in ASP.NET MVC but I'm unsure as to which is the clearly correct way. I also intend to use .NET 4.5 and Entity Framework 5 if that helps.
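
The ownership rule the question describes, reduced to framework-independent Ruby as an added example (not part of the original post and not Hobo's code); `OwnedStore`, `Note`, `AccessDenied` and the sample users are assumptions. It shows the places the check has to live: the owner-scoped index query, the per-record lookup, and the owner field on create and update, none of which `[Authorize]` covers by itself, since it only establishes that a user is logged in.

```ruby
class AccessDenied < StandardError; end
Note = Struct.new(:id, :owner, :body) # hypothetical record type

class OwnedStore # hypothetical in-memory stand-in for the model layer
  def initialize
    @rows = {}
  end

  # The owner comes from the authenticated user, never from request parameters.
  def create(acting_user, body)
    raise AccessDenied, "login required" if acting_user.nil?
    note = Note.new(@rows.size + 1, acting_user, body)
    @rows[note.id] = note
  end

  # Index: the query itself is scoped to the owner.
  def index(acting_user)
    @rows.values.select { |n| n.owner == acting_user }
  end

  # Single record: a guessed id belonging to another user must be refused.
  def find(acting_user, id)
    note = @rows[id]
    raise AccessDenied, "not found" if note.nil? || note.owner != acting_user
    note
  end

  # Update: only the owner may edit, and the owner field cannot be reassigned.
  def update(acting_user, id, attrs)
    note = find(acting_user, id)
    raise AccessDenied, "owner is read-only" if attrs.key?(:owner) && attrs[:owner] != note.owner
    note.body = attrs[:body] if attrs.key?(:body)
    note
  end
end

# Constructed sample data: two users, each with one record.
def demo
  store = OwnedStore.new
  a = store.create("alice", "alice's note")
  store.create("bob", "bob's note")
  cross = begin
    store.find("bob", a.id)
    :allowed
  rescue AccessDenied
    :denied
  end
  { alice_sees: store.index("alice").map(&:body), bob_reads_alice: cross }
end
```

A missing record and a record owned by someone else raise the same error, so the response does not reveal which ids exist.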