• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 833
  • Last Modified:

Securing MVC controllers by role

I have implemented custom IPrincipal object with forms authentication and throughout my app I can do

 if (HttpContext.User.IsInRole("Admin")) or whatever role.

I want to be able to use this to lock down certain controller actions so can I do this with the [Authorize] attribute?   Or ActionFilter?

I am using MVC 2

So say I have an adminController I only want adminRoles to be able to perform actionResults

Currently I have

  [Authorize]
  public ActionResult Index()
   {

This is an admin index actionResult so I want to say "only if you are admin can you perform this action" else redirect
0
ToString1
Asked:
ToString1
  • 2
1 Solution
 
cubaman_24Commented:
This one is very easy:

[Authorize(Roles = "Admin, Super User")]
     public ActionResult AdministratorsOnly()
     {
         return View();
     }
http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx
0
 
ToString1Author Commented:
Thanks

I am not using role provider so I don't think I can use that.  I wanted to use my own customer action filter
0
 
cubaman_24Commented:
Mmm, I think that if you implemented IPrincipal  and it's correctly configured in your web.config you can use it. Give it a try. ;-)
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now