Solved

Creating an administrators only partition in asp.net MVC app without using membership provider

Posted on 2010-09-16
4
763 Views
Last Modified: 2013-11-08
I want to partition off an admin area in my MVC app however I am not using membership provider just forms authentication.

I have my own user and roles table and each user is assigned a role.   I can check through the app for each users role
Eg.   If user.role = “admin” then ………and so on

I have created an Admin folder for my views and setup routing in global.asax (see code).
What would I need to do now?

Say I have a “UserController” that deals with managing users; only admins can access this so would I do this?

I can set the  [Authorize] attribute on each action method but as I am not using membership I am unsure if I can do anything else.





routes.MapRoute(
                "DefaultAdmin",                                         // Route name
                "admin/{controller}/{action}/{id}",                    // URL with parameters
                new { controller = "Admin", action = "Index", id = "" } // Parameter defaults
            );

Open in new window

0
Comment
Question by:ToString1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 7

Expert Comment

by:jamesbaile
ID: 33689846
Is there any reason why you are not using a membership provider? If you have your own schema then you can always create your own provider which will make the management of the whole site a lot easier.
0
 

Author Comment

by:ToString1
ID: 33689899
HI Yes
It was probably a mistake not to use membership provider but it is late in the project so I need a fix.



0
 
LVL 7

Accepted Solution

by:
jamesbaile earned 500 total points
ID: 33690087
If you can't create your own membership provider then presumably you are handling the logging in, in your code, in which case you will need to make sure that you add the roles that the user is authorised for to the security principle when you authenticate. Then you will be able to use the [Authorize] attribute on your controllers.
0
 

Author Comment

by:ToString1
ID: 33690116
HI Yes

I am using the [Authorize]  attribute on my controllers and that works fine.

In code I can do

If user.role = “admin” ......

However I cannot add this to the [Authorize] attribute ?  
[Authorize roles="admin"]  because I am not using membership provider.

I need an approach were everything within the admin folder is only accessed by admin roles

So if I try to access an views/admin/index
Then I check

If user.role = “admin”
//if they are then OK but if not

redirect to "not authorised" ?

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is for Object-Oriented Programming (OOP) beginners. An Interface contains declarations of events, indexers, methods and/or properties. Any class which implements the Interface should provide the concrete implementation for each Inter…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question