HW06: Security, Authentication and Authorization
First read this page both part 1 and 2. Implement scenario 3 for your movie database as follows:
Security: TransportWithMessageCredential (Scenario 3)
- Credential Type: Username
- Authorization: Role-based using ASP.NET role management
Because we don't want users to edit movies, we are going to allow them to create and read, but not update and delete. Create a Users role for this and a Managers role for those who have all operations. When you are done, you will need to add a way to pass credentials to the users.
Notes:
When I got to "Configure Membership and Roles" I hit a brick wall and had to look elsewhere for tools to complete this task. It looks like this website might work for us. Since the code is not available for the login, I used this website.