[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Securing MVC controllers by role

Posted on 2010-09-16
3
Medium Priority
?
827 Views
Last Modified: 2013-11-08
I have implemented custom IPrincipal object with forms authentication and throughout my app I can do

 if (HttpContext.User.IsInRole("Admin")) or whatever role.

I want to be able to use this to lock down certain controller actions so can I do this with the [Authorize] attribute?   Or ActionFilter?

I am using MVC 2

So say I have an adminController I only want adminRoles to be able to perform actionResults

Currently I have

  [Authorize]
  public ActionResult Index()
   {

This is an admin index actionResult so I want to say "only if you are admin can you perform this action" else redirect
0
Comment
Question by:ToString1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 8

Expert Comment

by:cubaman_24
ID: 33699732
This one is very easy:

[Authorize(Roles = "Admin, Super User")]
     public ActionResult AdministratorsOnly()
     {
         return View();
     }
http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx
0
 

Author Comment

by:ToString1
ID: 33699830
Thanks

I am not using role provider so I don't think I can use that.  I wanted to use my own customer action filter
0
 
LVL 8

Accepted Solution

by:
cubaman_24 earned 2000 total points
ID: 33699913
Mmm, I think that if you implemented IPrincipal  and it's correctly configured in your web.config you can use it. Give it a try. ;-)
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

User art_snob (http://www.experts-exchange.com/M_6114203.html) encountered strange behavior of Android Web browser on his Mobile Web site. It took a while to find the true cause. It happens so, that the Android Web browser (at least up to OS ver. 2.…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question