tags:

views:

194

answers:

3
+3  Q: 

ASP.NET MVC How many levels deep should a view or URL be?

I am still learning ASP.NET MVC. With webforms, I would create a new folder let's call it admin. In there I might have many pages for create_product, edit_product, etc. So the URL might look like http://somesite.com/admin/create%5Fproduct.aspx.

But with MVC it is a little different. I am trying to see what would be the best way to do this.

Would doing http://somesite.com/admin/product/create be right? Or should it just be http://somesite.com/product/create? If I do it as the first way, do I put everything in the "admin" controller or should it be separated into a "product" controller?

I know this is probably subjective or personal choice, but I would like to get some advise.

Thanks.

+1  A: 

For admin stuff, just mark with [Authorize] attribute. To ensure only admins can use it, do something like [Authorize(Roles = "Admin")]. Check out this question

Also, /product/create is most common, I think :)

l3dx  2009-09-11 16:57:49
Thansks, I am not to the point of authorizing users. I just want to see how I should form my URLs. Or some good advise on doing it. :)
vincentw56  2009-09-11 17:04:11
A: 

I3Dx definitely has the right guidance for the Authorize attribute, this is essential for keeping controller secure, you can apply to a controller or individual actions.

As far as the URL depth, I would not worry about the depth, I would be more concerned that the route made logical sense for example:

domain.com/admin/products/edit/1

domain.com/admin/groups/edit/1

domain.com/products/view/1

domain.com/groups/view/1

This way you know what is happening with each route. it is obvious that one is an admin and one is an end user.

The easyest way to check is to get someone to read your URL and ask them what they would expect to see.

Hope this helps.

OH and one last thing, for client side routes we often use "slugs" rather than ids so that it is more readable. So when someone creates a product we slugify the name so it can be used in the route such as:

domain.com/products/view/big-red-bucket

rather than

domain.com/products/view/1

Richard  2009-09-11 17:03:39
+5  A: 

Part of the benefit of ASP.NET MVC (and more generally, the URL Routing Engine common to all of ASP.NET in .NET 3.5 SP1) is that the URLs can be flexibly configured to map to any folder / file structure you prefer. That means it's much easier than it was in the days of WebForms to modify your URLs after you've started building your project.

To your specific questions:

  • One Admin Controller vs. Product Controller - In general, the guidance is to keep controllers focused so that they are easier to test and maintain. For that reason, I would suggest using a single controller per object type (like Product) with your CRUD actions. Examples in your case:

    /admin/product/create

    /admin/product/edit/34 or /admin/product/edit/red-shoes (if name is unique)

    In either case, the Create, Edit, Deatils actions will all be in the ProductController. You may just have custom routes for the "admin actions" (like Create and Edit) that limit their usage (and add the "admin" text to the URL), and then the Details action would be usable by all visitors to your site.

  • Securing Admin Views - One important fact to remember with MVC: all requests go directly to controllers, not views. That means the old "secure a directory with web.config" does not apply (usually) to MVC for securing your Admin. Instead, you should now apply security directly to the controllers. This can easily be achieved by using attributes to Controller classes like:
    • [Authorize] - Just checks that the user is logged-in
    • [Authorize(Roles = "Admin")] - Limit to specific user roles
    • [Authorize(Users = "Joe")] - Limit to specific users

You can even create a custom route for "Admin" views in your site and limit access to those views by enforcing your authorization check in the URL routing, like this:

routes.MapRoute(
  "Admin",
  "Admin/{controller}/{action}",
  new { controller = "Product", action = "Index" },
  new { authenticated= new AuthenticatedConstraint()}
);

Where AuthenticatedConstraint looks something like:

using System.Web;
using System.Web.Routing;
public class AuthenticatedConstraint : IRouteConstraint
{
  public bool Match(HttpContextBase httpContext, Route route, string parameterName, RouteValueDictionary values, RouteDirection routeDirection)
  {
    return httpContext.Request.IsAuthenticated;
  }
}

Good details on Stephen Walther's blog: ASP.NET MVC Tip #30 – Create Custom Route Constraints

Todd  2009-09-11 17:09:36

related questions

What's the best way to implement field validation using ASP.NET MVC?
How do I handle page flow in MVC (particularly asp.net)
Entity diagrams in ASP.NET MVC
How do I get rid of Home in ASP.Net MVC?
Can I generate ASP.NET MVC routes from a Sitemap?
ASP.NET Model-view-controller (MVC) - where do I start from?
user controls and asp.net mvc
ASP.Net MVC route mapping
RSS Feeds in ASP.NET MVC
Open Source Licensing Options for ASP.NET MVC Application?
Does the OutputCacheFilter in the Microsoft MVC Preview 4 actually save on action invocations?
MVC Learning Resources
Validating posted form data in the ASP.NET MVC framework
Best mock framework that can do both WebForms and MVC?
Use the routing engine for form submissions in ASP.NET MVC Preview 4
How do you get a custom id to render using HtmlHelper in MVC
MVC Preview 4 - No route in the route table matches the supplied values.
Is there a way to include a fragment identifier when using Asp.Net MVC ActionLink, RedirectToAction, etc. ?
In ASP.NET MVC I encounter an incorrect type error when rendering a user control with the correct typed object
ASP.NET MVC - Is it worth it yet?
Multiple languages in an ASP.NET MVC application?
Is it better to create Model classes, or just stick with generic database utility class?
ASP.NET MVC Without Visual Studio
ASP.NET MVC "CRUD" Database Sample
How to RedirectToAction in ASP.NET MVC without losing request data