We are in our intranet using LDAP and config files in our asp.net pages to specify access to the pages. I want to use asp.net mvc for all new pages, but I have not idea on how I can specify the access level with asp.net mvc. Lets say that I have two controllers foo and bar. How can I configure asp.net mvc to let an users that belongs to group1 to access both foo and bar while users in group2 only should be able to access bar?
A:
Depending on how you are authenticating the users, it is as easy as using the built in ASP.NET authentication mechanisms. On your Controller/Actions, use the [Authorize("DOMAIN\Group1,DOMAIN\Group2")] attribute. This is what I'm using for users that are located in Active Directory and it works like a charm. Of course you will want to put the [Authenticate] attribute on the Controller/Action as well to ensure they are logged in first.
Agent_9191
2009-10-08 16:49:15
Last time I checked, Authorize requires user.IsAuthenticated to be true, so the Authenticate attribute is a bit of a red herring here.
Wyatt Barnett
2009-10-08 17:25:51