Controlling content access by domain

For a user generated content website, I want to give ability to my users to restrict on who can see the content.

Domain based restriction seems like a good choice( users can embed content content on their own sit开发者_运维知识库e).

Any samples/suggestions/known gotchas on how we should implement domain restriction on content?

Our solution is developed on asp.net mvc

The authorization scheme you would use is independent of whether you use DDD or not.

You would probably use a Role-based authorization scheme. Every item of content then comes with an Access Control List (ACL), which is basically a list of roles and their rights -- for instance, all users who are in the FoodAuthors group can modify a particular piece of content, and all users in the FoodReaders group can only read it. Users who are in neither group/role have no access to the content.

Furthermore, you can divide up your content into categories (or "channels", whatever term you prefer), and organize these categories/channels in a tree structure. Then you can put ACLs on the categories/channels rather than on the content itself. So, an article on whole foods would be put in the /Health/Food channel, for instance, and the FoodReaders group would get read access to all content in that channel.