Last post Sep 10, 2010 02:22 PM by DevTeach2010
Aug 17, 2010 01:18 PM
I would like to secure any URL below http://MyServer/Admins and limit it to a specific role.
In WebForms it was straightforward. I just put a child web.config in the /Admin/ folder and added <authorization> <allow roles> tags to it.
What would be the equivalent technique in MVC?
Aug 17, 2010 05:02 PM
In MVC, your resources are controllers, not URLs. So if you wanted to restrict access to an entire AdminController, for example, you'd put [Authorize(Roles = "Administrator")] on the controller class.
If you need to secure a group of controllers, put the attribute on an AdminControllerBase class, then have each controller you need to secure subclass that type. The framework will automatically apply the attribute to the subclassed types.
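Added example, not part of any post in this thread: the base-class approach described in the reply above, plus a reflection audit that reports any admin controller left without the role restriction. The namespace `MyApp.Controllers.Admin`, the controller names and the `AuthorizationAudit` helper are hypothetical; only `AuthorizeAttribute`, `Controller` and `ActionResult` come from `System.Web.Mvc`.

```csharp
using System;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

namespace MyApp.Controllers.Admin   // hypothetical namespace for the admin area
{
    // Hypothetical base class: every admin controller derives from it.
    [Authorize(Roles = "Administrator")]
    public abstract class AdminControllerBase : Controller { }

    // Inherits the role restriction without repeating the attribute.
    public class UsersController : AdminControllerBase
    {
        public ActionResult Index() { return View(); }
    }

    // Constructed mistake: derives from Controller directly, so no role check applies.
    public class ReportsController : Controller
    {
        public ActionResult Index() { return View(); }
    }
}

public static class AuthorizationAudit
{
    // Returns concrete controllers under namespacePrefix that have no [Authorize]
    // attribute (declared or inherited) limited to exactly requiredRole.
    public static Type[] FindUnprotected(Assembly assembly, string namespacePrefix, string requiredRole)
    {
        return assembly.GetTypes()
            .Where(t => typeof(Controller).IsAssignableFrom(t) && !t.IsAbstract)
            .Where(t => (t.Namespace ?? "").StartsWith(namespacePrefix, StringComparison.Ordinal))
            .Where(t => !t.GetCustomAttributes(typeof(AuthorizeAttribute), true)
                          .Cast<AuthorizeAttribute>()
                          .Any(a => IsLimitedTo(a.Roles, requiredRole)))
            .ToArray();
    }

    // Roles is a comma-separated list; any listed role grants access, so every entry must match.
    private static bool IsLimitedTo(string roles, string requiredRole)
    {
        var listed = (roles ?? "").Split(',').Select(r => r.Trim()).Where(r => r.Length > 0).ToList();
        return listed.Count > 0 && listed.All(r => r == requiredRole);
    }
}
```

Called from a unit test as `AuthorizationAudit.FindUnprotected(typeof(AuthorizationAudit).Assembly, "MyApp.Controllers.Admin", "Administrator")`, this returns only `ReportsController`. It inspects class-level attributes only, so controllers protected solely by per-action attributes are also reported.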
Aug 18, 2010 10:00 AM
You have to use an action filter to perform role checking.
Try searching for Rob Conery's blog.
Aug 24, 2010 03:55 PM
There is an alternative provided in Steven Sanderson's book; you can find this interesting extract here:
MVC URL Based Authorization
Aug 24, 2010 04:03 PM
As already mentioned here, basically you define who can perform what action. In ASP.NET MVC this is done with a special kind of filter, namely IAuthorizeFilters. If you define them at the controller level, you define them for all your actions, and if you have a base controller, you define them for all controllers that are derived from this base controller.
Sep 10, 2010 02:22 PM
This is exactly what I was looking for.
Thank you very much.