In MVC, your resources are controllers, not URLs. So if you wanted to restrict access to an entire AdminController, for example, you'd put[Authorize(Roles = "Administrator")] on the controller class.
If you need to secure a group of controllers, put the attribute on a AdminControllerBase class, then have each controller you need to secure subclass that type. The framework will automatically apply the attribute to the subclassed types.
Like it is already mentioned here basically you defined who can perform what action. In ASP.NET MVC this is done with a special kind of filter namely IAuthorizeFilters. If you define them on controller level you define them for all your actions and if you
have a base controller you define them for all controllers that are derived from this base controller.
Give a man a fish and you will feed him for a day. Teach a man to fish and you will feed him for a lifetime.
Marked as answer by ricka6 on Oct 06, 2010 07:33 PM
DevTeach2010
Member
10 Points
24 Posts
How <authorization> <allow roles="SomeRole"/> in web.config work in MVC
Aug 17, 2010 01:18 PM|LINK
Hi,
I would like to secure any URL below the http://MyServer/Admins and limit it to a specific role.
In webforms it was straight forward. I just put a child web.config in the /Admin/ folder and add <authorization> <allow roles> tags to it.
How would be the equivalent technique in MVC?
Thank you,
Max
mvc security
levib
Star
7702 Points
1099 Posts
Microsoft
Re: How <authorization> <allow roles="SomeRole"/> in web.config work in MVC
Aug 17, 2010 05:02 PM|LINK
In MVC, your resources are controllers, not URLs. So if you wanted to restrict access to an entire AdminController, for example, you'd put[Authorize(Roles = "Administrator")] on the controller class.
If you need to secure a group of controllers, put the attribute on a AdminControllerBase class, then have each controller you need to secure subclass that type. The framework will automatically apply the attribute to the subclassed types.
mohd786hussa...
Contributor
4329 Points
878 Posts
Re: How <authorization> <allow roles="SomeRole"/> in web.config work in MVC
Aug 18, 2010 10:00 AM|LINK
Hi,
you have to use actionfilter to preform role checking.
Try searching for rob-cornoy blog.
Mohammad Hussain
Web design, Logo design & Asp.net development
Philippe Gud...
Member
12 Points
1 Post
Re: How <authorization> <allow roles="SomeRole"/> in web.config work in MVC
Aug 24, 2010 03:55 PM|LINK
There is an alternative provided in Steven Sanderson's book, you can find this interesting extract here : http://books.google.com/books?id=tD3FfFcnJxYC&pg=PA529&lpg=PA529&dq=mvc+allow+folder+access+role+web+config&source=bl&ots=IQhHwrCJTw&sig=BWkYGL_WCxkE63Ayroej5cXyHgc&hl=en&ei=9-NzTNvPI5OBswaX95yWCQ&sa=X&oi=book_result&ct=result&resnum=10&ved=0CDwQ6AEwCQ#v=onepage&q=mvc%20allow%20folder%20access%20role%20web%20config&f=false
Cheers,
MVC URL Based Authorization
gabriel.loza...
Contributor
3583 Points
800 Posts
Re: How <authorization> <allow roles="SomeRole"/> in web.config work in MVC
Aug 24, 2010 04:03 PM|LINK
Like it is already mentioned here basically you defined who can perform what action. In ASP.NET MVC this is done with a special kind of filter namely IAuthorizeFilters. If you define them on controller level you define them for all your actions and if you have a base controller you define them for all controllers that are derived from this base controller.
DevTeach2010
Member
10 Points
24 Posts
Re: How <authorization> <allow roles="SomeRole"/> in web.config work in MVC
Sep 10, 2010 02:22 PM|LINK
Philippe Gudemann,
This is exactly what I was looking for.
Thank you very much.