Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Creating an administrators only partition in asp.net MVC app without using membership provider

Posted on 2010-09-16
4
Medium Priority
?
785 Views
Last Modified: 2013-11-08
I want to partition off an admin area in my MVC app however I am not using membership provider just forms authentication.

I have my own user and roles table and each user is assigned a role.   I can check through the app for each users role
Eg.   If user.role = “admin” then ………and so on

I have created an Admin folder for my views and setup routing in global.asax (see code).
What would I need to do now?

Say I have a “UserController” that deals with managing users; only admins can access this so would I do this?

I can set the  [Authorize] attribute on each action method but as I am not using membership I am unsure if I can do anything else.





routes.MapRoute(
                "DefaultAdmin",                                         // Route name
                "admin/{controller}/{action}/{id}",                    // URL with parameters
                new { controller = "Admin", action = "Index", id = "" } // Parameter defaults
            );

Open in new window

0
Comment
Question by:ToString1
  • 2
  • 2
4 Comments
 
LVL 7

Expert Comment

by:jamesbaile
ID: 33689846
Is there any reason why you are not using a membership provider? If you have your own schema then you can always create your own provider which will make the management of the whole site a lot easier.
0
 

Author Comment

by:ToString1
ID: 33689899
HI Yes
It was probably a mistake not to use membership provider but it is late in the project so I need a fix.



0
 
LVL 7

Accepted Solution

by:
jamesbaile earned 2000 total points
ID: 33690087
If you can't create your own membership provider then presumably you are handling the logging in, in your code, in which case you will need to make sure that you add the roles that the user is authorised for to the security principle when you authenticate. Then you will be able to use the [Authorize] attribute on your controllers.
0
 

Author Comment

by:ToString1
ID: 33690116
HI Yes

I am using the [Authorize]  attribute on my controllers and that works fine.

In code I can do

If user.role = “admin” ......

However I cannot add this to the [Authorize] attribute ?  
[Authorize roles="admin"]  because I am not using membership provider.

I need an approach were everything within the admin folder is only accessed by admin roles

So if I try to access an views/admin/index
Then I check

If user.role = “admin”
//if they are then OK but if not

redirect to "not authorised" ?

0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
Recently I spent hours debugging an issue in a Rails project where ActiveRecord was causing MySQL errors trying to create a User object of a class at the top level of a Single Table Inheritance model structure.  It turns out `.create` behaves differ…
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question