Hi there,
I want to go one step further than simple role-based authorisation (Admin, User, Super User, etc.)
and instead want to do activity-based authorisation.
My thinking was to assign activities to logged-in users which relate to whether or not they could perform an action.
For example
CreateUser
ReadUser
UpdateUser
DeleteUser
I would create pages that relate to the above activities,
i.e.
CreateUser.aspx
On each page I would do a check to see if the authenticated user does in fact have rights to access the activity,
but I would do this by making use of Roles.
For example
IsInRole("CreateUser")
Previous to this I could assign the Activities (Roles) to the authenticated user after successful login.
My only real concern with this is that by doing this, when I authenticate the user and build the authentication cookie, it will include a lot of Roles.
For example, I currently have 60 activities in my system (but this could increase as we add more features - each feature is in itself a new activity).
If the authentication cookie has to carry approx 60+ roles (activities),
would that cause any known issues?
Can anyone suggest an alternative approach?
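
The scheme described in the post, as an added example that is not part of the original post: activities are attached to the principal as role names, each page runs an `IsInRole` check, and the raw size of a 60-name role list is measured. The activity names beyond the four in the post, the user name `alice` and the helper names are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Principal;
using System.Text;

static class ActivityAuthDemo
{
    // Constructed sample data: 60 activity names (4 verbs x 15 hypothetical entities).
    static string[] BuildActivities()
    {
        string[] verbs = { "Create", "Read", "Update", "Delete" };
        string[] entities = { "User", "Group", "Order", "Invoice", "Report",
                              "Product", "Customer", "Supplier", "Payment", "Shipment",
                              "Ticket", "Document", "Project", "Task", "Setting" };
        return entities.SelectMany(e => verbs.Select(v => v + e)).ToArray();
    }

    // The per-page check from the post: deny unless the authenticated
    // principal holds the activity as a role (deny by default).
    static bool CanPerform(IPrincipal user, string activity)
    {
        return user != null
            && user.Identity.IsAuthenticated
            && user.IsInRole(activity);
    }

    static void Main()
    {
        string[] all = BuildActivities();

        // Constructed user who is granted only the Read* activities at login.
        string[] granted = all.Where(a => a.StartsWith("Read", StringComparison.Ordinal)).ToArray();
        var user = new GenericPrincipal(new GenericIdentity("alice", "Forms"), granted);

        Console.WriteLine("ReadUser allowed:   " + CanPerform(user, "ReadUser"));
        Console.WriteLine("CreateUser allowed: " + CanPerform(user, "CreateUser"));

        // Raw size of the role list if all 60 names travelled in the cookie.
        // Encryption and encoding make the final cookie value larger than this,
        // and browsers commonly cap a single cookie at about 4096 bytes.
        string payload = string.Join(",", all);
        int rawBytes = Encoding.UTF8.GetByteCount(payload);
        Console.WriteLine("{0} activities, {1} raw bytes before encryption and encoding",
                          all.Length, rawBytes);
    }
}
```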