Hi

Normally my URLs look like the standard: www.example.com/controller/action

Now I want to set up my administration section like:

 www.example.com/admin/
 www.example.com/admin/user/list
 www.example.com/admin/content/add
etc.

So the format is: www.example.com/admin/controller/action

I can't seem to figure out how to set up the routes so it looks like the above.

+10  A: 

You just need to map a new path with the 'admin' section hardcoded at the beginning of the route definition.

For example add this to your routes in RegisterRoutes in the Global.asax.cs file and make sure it appears above the default route (assuming you haven't added other routes):

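routes.MapRoute(
    "Admin",                                                // Route name (must be unique; the default route is already named "Default")
    "admin/{controller}/{action}/{id}",                     // URL with the 'admin' prefix hardcoded
    new { controller = "Home", action = "Index", id = "" }  // Parameter defaults
);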

Note: the 'admin' part is hardcoded at the start of the route definition.

Note 2: If you have added other routes beyond the default you will need to make sure your routes are ordered correctly.

Here is a link to a good blog post from Scott Guthrie regarding MVC routing: URL Routing

Kelsey
+3  A: 

Kelsey's answer is right on the mark, but I wanted to add something to the discussion. Another option is to not actually have "admin" routes at all, but instead require admin authenticated sessions for actually accessing the restricted URLs.

This is often how things are done in "traditional" RESTful applications. Your controller represents the type of resource you are manipulating, the action is the verb, and the id is the unique identifier for a specific member of that resource.

In other words, instead of having:

/content/list (for normal users)
/admin/content/add (for admins)

You would have

/content/list (for everyone)
/content/add (for admin, but must be authenticated to work)

Adding /admin/ to the URL doesn't really add any benefits (except perhaps that you can write your securing logic with just a single rule against anything under /admin), but the tradeoff is more complicated routes and breaking standard RESTful. Breaking standard practices isn't in and of itself a bad thing, but you should consider that they are standard for a reason, and unless you have specific benefits for breaking them, you might consider adhering to them.

It should be noted that in both URL styles you need to be authenticating the user, otherwise anyone could use it.

In ASP.NET MVC, you can restrict access to actions (or even whole controllers) based on user level using ActionFilters. By decorating your admin-only actions with these filters, you can ensure only authenticated administrative users can actually use them.

Read Scott Gu's blog entry or Rob Conery's post for more information.

Matt
How would you handle a list action for users (they don't have access to view everything) and a list action for admins (where they do get to see everything)? I'd prefer not to have an action list listAdmin or something silly. Or am I going about it the wrong way?
Mr Rogers
@MrRogers - It really depends on how the two will differ. If the only difference is which and how much data is shown, you would typically keep the same view but let the controller specify which data is to be shown. If the two views are in fact slightly different (such as having edit/delete buttons for admins), you can check for admin status in the view template with a conditional statement. You can set admin status in the ViewData or in the Session. One last option is to pull them out into partials. So, you only have 1 view, list.aspx, but then admin vs regular user are each in partials.
Matt
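
Added example (not part of the original answers or comments): a sketch of the filter-based approach discussed above, with the authorization check on the action itself and a single List action that picks its data by role. ContentItem, IContentStore and the "Admin" role name are hypothetical and constructed for illustration.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Web.Mvc;

// Hypothetical model and data source, constructed for this example.
public class ContentItem
{
    public int Id { get; set; }
    public string Title { get; set; }
    public bool Published { get; set; }
}

public interface IContentStore
{
    IEnumerable<ContentItem> All();
    void Add(ContentItem item);
}

public class ContentController : Controller
{
    private readonly IContentStore _store;   // assumed to be supplied by a controller factory

    public ContentController(IContentStore store) { _store = store; }

    // One List action for everyone: the role check decides which rows are
    // returned, so no separate listAdmin action is needed.
    public ActionResult List()
    {
        bool isAdmin = User.Identity.IsAuthenticated && User.IsInRole("Admin");
        var items = isAdmin ? _store.All() : _store.All().Where(c => c.Published);
        ViewData["IsAdmin"] = isAdmin;        // the view uses this only to show edit/delete buttons
        return View(items.ToList());
    }

    // The check is attached to the action, so it holds under every route that
    // reaches it: the default route and an admin/{controller}/{action} route alike.
    [Authorize(Roles = "Admin")]
    public ActionResult Add() { return View(); }

    [Authorize(Roles = "Admin")]
    [AcceptVerbs(HttpVerbs.Post)]
    [ValidateAntiForgeryToken]                // the form must emit Html.AntiForgeryToken()
    public ActionResult Add(ContentItem item)
    {
        if (!ModelState.IsValid) return View(item);
        _store.Add(item);
        return RedirectToAction("List");
    }
}
```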
+3  A: 

As of MVC Version 2 they have added the 'area' concept which allows you to do this properly :) Here is ScottGu's post about MVC 2 Preview.

Runeborg
Areas are a nice feature in MVC2, but in this particular use case you're still breaking up the same resource into different controllers. So, now instead of having all your "content" logic together in a single controller, you've broken it up. You're much more likely to violate the DRY rule in this case. Not to mention the semantic discord.
Matt
Well that all depends on what the admin interface is doing. If it is a backend for administrating the system this is an entirely different thing from your content. If it's just add functionality then yes, your suggestion of just limiting it by authentication is probably better. But I doubt that's all there is to the admin interface.
Runeborg