Multiple access control on a web page - C#

In my company we're currently working in our portal. It will be something like a social network.

I'm working on the "profile" part of the portal.

I was wondering, as I'm new to C#, how can I implement a "see-only-what-i-let-you" functionality.

Take for instance Facebook. There you can show only parts of your profile to some people, other parts to other people, you have full acess as others may have开发者_JS百科 no acess at all.

That's precisely what I need to implement.

We're working with MVC3/jQuery1.5/WCF.

One option would be to split your view up in to child actions:

@{Layout = "~/Views/Shared/Layouts/MasterLayout.cshtml";}
<div class="splitter">
    <div class="left-column">
       @Html.Action("Navigator")
       @Html.Action("MyPosts")
    </div>
    <div class="main-content">
       @Html.Action("RecentStories")
       @Html.Action("Adverts")
    </div>
</div>

Then in your controller each action decides if the current user can see this piece of content, e.g.

[AcceptVerbs(HttpVerbs.Get)]
public ActionResult RecentStories()
{
    if(current_user_cannot_access_this_content())
        return View("BlankView"); // Might want to render some place holder content

    // Setup necessary view data by pulling back content from the database.....

    return View(); // Render the /Views/<controller>/RecentStories.cshtml view 
}

Try to cache user permission data across child actions if possible (depends on how your calculation of what a user can see works).

This code is assuming all your actions are running off the same controller. You can hit a different controller for a child action just by passing the name of the controller as the second parameter.