Solved

Creating an administrators only partition in asp.net MVC app without using membership provider

Posted on 2010-09-16
4
751 Views
Last Modified: 2013-11-08
I want to partition off an admin area in my MVC app however I am not using membership provider just forms authentication.

I have my own user and roles table and each user is assigned a role.   I can check through the app for each users role
Eg.   If user.role = “admin” then ………and so on

I have created an Admin folder for my views and setup routing in global.asax (see code).
What would I need to do now?

Say I have a “UserController” that deals with managing users; only admins can access this so would I do this?

I can set the  [Authorize] attribute on each action method but as I am not using membership I am unsure if I can do anything else.





routes.MapRoute(
                "DefaultAdmin",                                         // Route name
                "admin/{controller}/{action}/{id}",                    // URL with parameters
                new { controller = "Admin", action = "Index", id = "" } // Parameter defaults
            );

Open in new window

0
Comment
Question by:ToString1
  • 2
  • 2
4 Comments
 
LVL 7

Expert Comment

by:jamesbaile
ID: 33689846
Is there any reason why you are not using a membership provider? If you have your own schema then you can always create your own provider which will make the management of the whole site a lot easier.
0
 

Author Comment

by:ToString1
ID: 33689899
HI Yes
It was probably a mistake not to use membership provider but it is late in the project so I need a fix.



0
 
LVL 7

Accepted Solution

by:
jamesbaile earned 500 total points
ID: 33690087
If you can't create your own membership provider then presumably you are handling the logging in, in your code, in which case you will need to make sure that you add the roles that the user is authorised for to the security principle when you authenticate. Then you will be able to use the [Authorize] attribute on your controllers.
0
 

Author Comment

by:ToString1
ID: 33690116
HI Yes

I am using the [Authorize]  attribute on my controllers and that works fine.

In code I can do

If user.role = “admin” ......

However I cannot add this to the [Authorize] attribute ?  
[Authorize roles="admin"]  because I am not using membership provider.

I need an approach were everything within the admin folder is only accessed by admin roles

So if I try to access an views/admin/index
Then I check

If user.role = “admin”
//if they are then OK but if not

redirect to "not authorised" ?

0

Featured Post

Free camera licenses with purchase of My Cloud NAS

Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Excel import error " External table is not in expected format" 12 48
error on the asp.net page 1 33
Not showing page correctly 3 30
Error on Add method 1 38
Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
A quick way to get a menu to work on our website, is using the Menu control and assign it to a web.sitemap using SiteMapDataSource. Example of web.sitemap file: (CODE) Sample code to add to the page menu: (CODE) Running the application, we wi…
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now