Hi,
Currently I have a business layer that handles authorization, it will take User Name, Controller, Action and decides whether the user has access or not:
bool Authorize(string controller, string action, string userName);
In my data layer, I have users, security roles, and privileges which can be used to search the user security roles and match it with the privilege to current controller and action. How do I use custom authorization policy handler that can call my authorization service? I just recently found out that this handler used together with requirements which more likely a static rules rather than dynamic. My goal is to make the authorization configurable in the Web Site backend without having to change the code.
Thanks a lot.