Securing MVC controllers by role

I have implemented custom IPrincipal object with forms authentication and throughout my app I can do

 if (HttpContext.User.IsInRole("Admin")) or whatever role.

I want to be able to use this to lock down certain controller actions so can I do this with the [Authorize] attribute?   Or ActionFilter?

I am using MVC 2

So say I have an adminController I only want adminRoles to be able to perform actionResults

Currently I have

  [Authorize]
  public ActionResult Index()
   {

This is an admin index actionResult so I want to say "only if you are admin can you perform this action" else redirect
ToString1Asked:
Who is Participating?
 
cubaman_24Connect With a Mentor Commented:
Mmm, I think that if you implemented IPrincipal  and it's correctly configured in your web.config you can use it. Give it a try. ;-)
0
 
cubaman_24Commented:
This one is very easy:

[Authorize(Roles = "Admin, Super User")]
     public ActionResult AdministratorsOnly()
     {
         return View();
     }
http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx
0
 
ToString1Author Commented:
Thanks

I am not using role provider so I don't think I can use that.  I wanted to use my own customer action filter
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.