I have implemented a custom IPrincipal object with forms authentication, and throughout my app I can do
if (HttpContext.User.IsInRole("Admin")) or whatever role.
I want to be able to use this to lock down certain controller actions, so can I do this with the [Authorize] attribute? Or an ActionFilter?
I am using MVC 2.
So say I have an adminController; I only want adminRoles to be able to perform actionResults.
Currently I have:
public ActionResult Index()
This is an admin index actionResult, so I want to say "only if you are admin can you perform this action", else redirect.
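
Added example, not part of the original question: one way to express the role check declaratively is to subclass the framework's AuthorizeAttribute, whose Roles check calls IsInRole on HttpContext.User and therefore uses the custom IPrincipal. The attribute name RoleAuthorizeAttribute and the Account/AccessDenied route are assumptions made for illustration, and the sketch assumes the custom principal is already attached to the request before authorization filters run.

```csharp
using System.Web.Mvc;
using System.Web.Routing;

// Hypothetical attribute name. AuthorizeAttribute, its Roles property and
// HandleUnauthorizedRequest are part of System.Web.Mvc (MVC 2).
public class RoleAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            // Signed in but missing the required role: sending this user back
            // to the login page would loop, so redirect to an access-denied
            // action instead (controller/action names are assumptions).
            filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary
                {
                    { "controller", "Account" },
                    { "action", "AccessDenied" }
                });
        }
        else
        {
            // Anonymous: keep the default 401 result, which forms
            // authentication converts into a redirect to the login URL.
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}

// Applied at class level so every action, including ones added later,
// is denied unless the principal is in the Admin role.
[RoleAuthorize(Roles = "Admin")]
public class AdminController : Controller
{
    public ActionResult Index()
    {
        return View();
    }
}
```

The base class's OnAuthorization is left untouched, so its output-cache validation still applies and a cached admin page is not served to a user who fails the role check.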