I wanna know if it is possible to create a custom authentication - authorization, by extending the existing authentication with MVC 5 in C#. Basically what I want is to be able to allow access to methods or entire controllers by hinting the capabilities like you normally do with roles:
public class User : Controller
{
// POST: Users/Create
[Authorize(Capabilities= "CreateUsers")]
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Create(FormCollection form)
{
}
}
I don't wanna use Roles ([Authorize(Roles = "Administrator")]
), because my users will have Capabilities. I already have custom tables in my database for Users, Capabilities and CapabilityUser.
and then use it as