Solved

Creating an administrators only partition in asp.net MVC app without using membership provider

Posted on 2010-09-16
Last Modified: 2013-11-08
I want to partition off an admin area in my MVC app; however, I am not using membership provider, just forms authentication.

I have my own user and roles table and each user is assigned a role. I can check through the app for each user's role
E.g. If user.role = “admin” then … and so on

I have created an Admin folder for my views and setup routing in global.asax (see code).
What would I need to do now?

Say I have a “UserController” that deals with managing users; only admins can access this so would I do this?

I can set the [Authorize] attribute on each action method, but as I am not using membership I am unsure if I can do anything else.





routes.MapRoute(
    "DefaultAdmin",                                          // Route name
    "admin/{controller}/{action}/{id}",                      // URL with parameters
    new { controller = "Admin", action = "Index", id = "" }  // Parameter defaults
);

Question by:ToString1
4 Comments
 
LVL 7

Expert Comment

by:jamesbaile
ID: 33689846
Is there any reason why you are not using a membership provider? If you have your own schema then you can always create your own provider which will make the management of the whole site a lot easier.
0
 

Author Comment

by:ToString1
ID: 33689899
Hi, yes.
It was probably a mistake not to use membership provider, but it is late in the project so I need a fix.



0
 
LVL 7

Accepted Solution

by:
jamesbaile earned 500 total points
ID: 33690087
If you can't create your own membership provider then presumably you are handling the logging in, in your code, in which case you will need to make sure that you add the roles that the user is authorised for to the security principal when you authenticate. Then you will be able to use the [Authorize] attribute on your controllers.
0
 

Author Comment

by:ToString1
ID: 33690116
Hi, yes.

I am using the [Authorize] attribute on my controllers and that works fine.

In code I can do

If user.role = “admin” ......

However I cannot add this to the [Authorize] attribute?
[Authorize roles="admin"] because I am not using membership provider.

I need an approach where everything within the admin folder is only accessed by admin roles

So if I try to access views/admin/index
Then I check

If user.role = “admin”
//if they are then OK but if not

redirect to "not authorised" ?

0

Question has a verified solution.
