tags:

views:

271

answers:

3
+3  Q: 

How to setup routing for my admin section in ASP.NET MVC?

Hi

Normally my URLs look like the standard: www.example.com/controller/action

Now I want to setup my administration section like:

 www.example.com/admin/
 www.example.com/admin/user/list
 www.example.com/admin/content/add
etc.

So the format is: www.example.com/admin/controller/action

I can't seem to figure out how to setup the routes so it looks like the above.

+10  A: 

You just need to map a new path with the 'admin' section hardcoded at the beginning of the route definition.

For example add this to your routes in RegisterRoutes in the Global.asax.cs file and make sure it appears above the default route (assuming you haven't added other routes):

routes.MapRoute(
    "Default",                                              
    "admin/{controller}/{action}/{id}",                     
    new { controller = "Home", action = "Index", id = "" } 
);

Note: the 'admin' part hardcoded at the start of the route definition.

Note 2: If you have added other routes beyond the default you will need to make sure your routes are ordered correctly.

Here is a link to a good blog post from Scott Guthrie regarding MVC routing: URL Routing

Kelsey  2009-09-09 17:26:19
+3  A: 

Kelsey's answer is right on the mark, but I wanted to add something to the discussion. Another option is to not actually have "admin" routes at all, but instead require admin authenticated sessions for actually accessing the restricted urls.

This is often how things are done in "traditional" RESTful applications. Your controller represents the type of resource you are manipulating, the action is the verb, and the id is the unique identifier for a specific member of that resource.

In other words, instead of having:

/content/list (for normal users)
/admin/content/add (for admins)

You would have

/content/list (for everyone)
/content/add (for admin, but must be authenticated to work)

Adding /admin/ to the URL doesn't really add any benifits (except perhaps that you can write your securing logic with just a single rule against anything under /admin), but the tradeoff is more complicated routes and breaking standard RESTful. Breaking standard practices isn't in of itself a bad thing, but you should consider that they are standard for a reason, and unless you have specific benefits for breaking them, you might consider adhering to them.

It should be noted that in both URL styles you need to be authenticating the user, otherwise anyone could use it.

In ASP.NET MVC, you can restrict access to actions (or even whole controllers) based on user level using ActionFilters. By decorating your admin-only actions with these filters, you can ensure only authenticated adminstrative users can actually use them.

Read Scott Gu's blog entry or Rob Connery's post for more information.

Matt  2009-09-10 15:47:39
How would you handle a list action for users (they don't have access to view everything) and a list action for admins (where they do get to see everything)? I'd prefer not to have an action list listAdmin or something silly. Or am I going about it the wrong way.
Mr Rogers  2009-11-24 20:05:31
@MrRogers - It really depends on how the two will differ. If the only difference is which and how much data is shown, you would typically keep the same view but let the controller specify which data is to be shown. If the two views are in fact slightly different (such as having edit/delete buttons for admins), you can check for admin status in the view template with a conditional statement. You can set admin status in the ViewData or in the Session. One last option is to pull them out into partials. So, you only have 1 view, list.aspx, but then admin vs regular user are each in partials.
Matt  2009-11-28 19:02:16
+3  A: 

As of MVC Version 2 they have added the 'area' concept which allows you to do this properly :) Here is ScottGu's post about MVC 2 Preview.

Runeborg  2009-09-10 15:49:03
Areas are a nice feature in MVC2, but in this particular use case you're still breaking up the same resource into different controllers. So, now instead of having all your "content" logic together in a single controller, you've broken it up. You're much more likely to violate the DRY rule in this case. Not to mention the semantic discord.
Matt  2009-09-10 15:54:22
Well that all depends on what the admin interface is doing. If it is a backend for administrating the system this is an entirely different thing from your content. If it's just add functionality then yes, your suggestion of just limiting it by authentication is probably better. But I doubt that's all there is to the admin interface.
Runeborg  2009-09-10 23:55:59

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?