tags:

views:

2682

answers:

1

another newbie question on ASP.NET MVC ( since I'm don't normally do web apps... )

I'm looking at the MVC account controller.... it seems to be from asp.net?

Is there any good background information on how to use it?

Can you map it to a user database table?

or is it better to simply role your own user management?

How do you make use of it in MVC to restrict what pages a logged in user can view? Do you have to roll all of that on your own?

any links to anything that might help me? or books that might be useful? ( I have safari books online so have access to a lot of books...)

+5  A: 

I'm looking at the MVC account controller.... it seems to be from asp.net?

Scott Guthrie explains this quite well in his blog entry about ASP.NET MVC Preview 4. He basically says that the Account Controller from the MVC sample uses the ASP.NET membership provider, so you can use any of those. (I think you can find out more about ASP.NET membership providers on the internet.) If you do not want to implement/use one of those, modifying the application to use your own user management would probably be the best option.

How do you make use of it in MVC to restrict what pages a logged in user can view? Do you have to roll all of that on your own?

You can add the Authorize attribute to the controller class or action method. (Same source as above.)

// Only logged in users can access this controller.
[Authorize]
public class SomeController : Controller
{
    #region Not really important for this example. :]
    // Maybe rather use a BLL service here instead of the repository from the DAL, but this example is already more verbose than required.
    private IStuffRepository stuffRepository;

    public SomeController(IStuffRepository stuffRepository)
    {
        if (null == stuffRepository)
        {
            throw new ArgumentNullException("stuffRepository");
        }

        this.stuffRepository = stuffRepository;
    }
    #endregion

    // The authorize attribute is inherited - only logged in users can use the index action.
    public ActionResult Index()
    {
        return View();
    }

    // Moderators can flag stuff.
    [Authorize(Roles="Moderator")]
    public ActionResult Flag(int id)
    {
        this.stuffRepository.Flag(id);
        return RedirectToAction("Index");
    }

    // Admins ans SysOps can delete stuff.
    [Authorize(Roles="Admin,SysOp")]
    public ActionResult Delete(int id)
    {
        this.stuffRepository.Delete(id);
        return RedirectToAction("Index");
    }

    // Only joed can change the objects stuff. ;)
    // (This is probably bullshit, of course, but I could not make any better example. I blame the fact it is late at night. :))
    [Authorize(Users="COMPANY\\joed")]
    public ActionResult ChangeId(int oldId, int newId)
    {
        this.stuffRepository.ChangeId(oldId, newId);
        return RedirectToAction("Index");
    }
}
hangy