Tags: asp.net, asp.net-mvc-4, authorization

How do I exclude a role from accessing a controller?


I have a section in my application that part-time people are not allowed to use, but full-time employees are allowed. We have far more full-time employees than part-time; so I figured it would be easier to create a role that lists the part-timers and exclude them from this controller instead of getting a full list of full-timers and maintain that list. I haven't found anything that really fits what I am looking for. Most of the solutions seem to extend the functionality of Authorize, but I can't find something that is close to what I am looking for.

Can you point me in the right direction?

For example:

[Authorize(Roles!="PartTimers")]
public class MyController : Controller { }

Solution

  • It should be [Authorize(Roles="FullTimers")], anything else goes against the grain of the provided framework here.

    What would happen when a new group of users (Guests) is later defined? It is much safer to explicitly grant them access than to scan the entire app for actions that need denial.

    The WebForms framework does provide a <deny roles ="..." /> feature but it is mostly used with roles="*" and users="?" and that is not as applicable here.

    I figured it would be easier to create a role that lists the part-timers and exclude them from this controller instead of getting a full list of full-timers and maintain that list.

    The effort for "maintaining a list" is not proportional to the number of members. You'll need a checkbox or something on the entry form anyway.
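The allow-list controller the answer recommends, next to the deny-list shape the question asked for, as an added example that is not code from the question or the answer. Controller names, the `FullTimeOnlyController` and `Payroll` action, and the `DenyRolesAttribute` class are assumed for illustration; only `[Authorize(Roles = "...")]` is the framework's own feature, and the example assumes the usual forms authentication and role provider are configured in web.config.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Allow-list (what the answer recommends): only authenticated users whose
// principal reports IsInRole("FullTimers") reach this controller. PartTimers,
// a later-added Guests role, and anonymous requests all receive a 401 without
// any further configuration, so the controller fails closed.
[Authorize(Roles = "FullTimers")]
public class FullTimeOnlyController : Controller
{
    public ActionResult Index()
    {
        return View();
    }

    // An action-level filter is evaluated in addition to the controller-level
    // one: a caller must be in FullTimers AND in Managers or HR to reach Payroll.
    [Authorize(Roles = "Managers,HR")]
    public ActionResult Payroll()
    {
        return View();
    }
}

// Deny-list (the shape the question asked for), written out so the failure
// mode is visible. This attribute is hypothetical and not part of ASP.NET MVC.
public class DenyRolesAttribute : AuthorizeAttribute
{
    private readonly string[] _deniedRoles;

    public DenyRolesAttribute(params string[] deniedRoles)
    {
        _deniedRoles = deniedRoles ?? new string[0];
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var user = httpContext.User;
        if (user == null || !user.Identity.IsAuthenticated)
            return false;

        // Anyone NOT in a denied role passes. That includes roles that did not
        // exist when this list was written, which is exactly the problem the
        // answer describes: a new Guests role is admitted here by default.
        return !_deniedRoles.Any(user.IsInRole);
    }
}

// Usage of the deny-list form, kept here only for comparison:
// [DenyRoles("PartTimers")]
// public class MyController : Controller { }
```

With the allow-list form, adding a Guests role later changes nothing about who can reach `FullTimeOnlyController`; with the deny-list form, every new role is admitted until someone remembers to add it to the attribute on every affected controller.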