Securing MVC controllers by role

Posted on 2010-09-16
Medium Priority
Last Modified: 2013-11-08
I have implemented custom IPrincipal object with forms authentication and throughout my app I can do

 if (HttpContext.User.IsInRole("Admin")) or whatever role.

I want to be able to use this to lock down certain controller actions so can I do this with the [Authorize] attribute?   Or ActionFilter?

I am using MVC 2

So say I have an adminController I only want adminRoles to be able to perform actionResults

Currently I have

  public ActionResult Index()

This is an admin index actionResult so I want to say "only if you are admin can you perform this action" else redirect
Question by:ToString1
  • 2

Expert Comment

ID: 33699732
This one is very easy:

[Authorize(Roles = "Admin, Super User")]
     public ActionResult AdministratorsOnly()
         return View();

Author Comment

ID: 33699830

I am not using role provider so I don't think I can use that.  I wanted to use my own customer action filter

Accepted Solution

cubaman_24 earned 2000 total points
ID: 33699913
Mmm, I think that if you implemented IPrincipal  and it's correctly configured in your web.config you can use it. Give it a try. ;-)

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Exception Handling is in the core of any application that is able to dignify its name. In this article, I'll guide you through the process of writing a DRY (Don't Repeat Yourself) Exception Handling mechanism, using Aspect Oriented Programming.
There is a wide range of advantages associated with the use of ASP.NET. This is why this programming framework is used to create excellent enterprise-class websites, technologies, and web applications.
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
If you are looking for an automated tool which can generate reports for Outlook emails and other items from PST file, then you can go for Kernel PST Reporter tool. The reports which are created by this tool are helpful to analyze and understand PST …

619 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question