Solved

Securing MVC controllers by role

Posted on 2010-09-16
3
782 Views
Last Modified: 2013-11-08
I have implemented custom IPrincipal object with forms authentication and throughout my app I can do

 if (HttpContext.User.IsInRole("Admin")) or whatever role.

I want to be able to use this to lock down certain controller actions so can I do this with the [Authorize] attribute?   Or ActionFilter?

I am using MVC 2

So say I have an adminController I only want adminRoles to be able to perform actionResults

Currently I have

  [Authorize]
  public ActionResult Index()
   {

This is an admin index actionResult so I want to say "only if you are admin can you perform this action" else redirect
0
Comment
Question by:ToString1
  • 2
3 Comments
 
LVL 8

Expert Comment

by:cubaman_24
ID: 33699732
This one is very easy:

[Authorize(Roles = "Admin, Super User")]
     public ActionResult AdministratorsOnly()
     {
         return View();
     }
http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx
0
 

Author Comment

by:ToString1
ID: 33699830
Thanks

I am not using role provider so I don't think I can use that.  I wanted to use my own customer action filter
0
 
LVL 8

Accepted Solution

by:
cubaman_24 earned 500 total points
ID: 33699913
Mmm, I think that if you implemented IPrincipal  and it's correctly configured in your web.config you can use it. Give it a try. ;-)
0

Featured Post

Save on storage to protect fatherhood memories

You're the dad who has everything. This Father's Day, make sure your family memories are protected. My Passport Ultra has automatic backup and password protection to keep your cherished photos and videos safe. With up to 3TB, you have plenty of room to hold the adventures ahead.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Entity Framework is a powerful tool to help you interact with the DataBase but still doesn't help much when we have a Stored Procedure that returns more than one resultset. The solution takes some of out-of-the-box thinking; read on!
Calculating holidays and working days is a function that is often needed yet it is not one found within the Framework. This article presents one approach to building a working-day calculator for use in .NET.
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now