tags:

views:

32

answers:

1
+1  Q: 

How to make an Asp.net MVC 2 website have a Private Beta Mode.

I am creating an ASP.Net MVC website that I am launching soon in private beta.

What I am using.

  • ASP.NET MVC 2
  • ASP.NET Sql Membership Provider
  • Authorization Attributes on ActionMethods. ex. [EditorsOnly]

What I am trying to accomplish:

  • During the private Beta period of my website, I want no anonymous users to access my site.
  • Only Beta Testers of my site should be able to login and use my site as normal.
  • After the private beta period people can access it using the security structure I already have set up.
  • I am hoping I do not have to recompile but can have a setting in the webconfig to switch between Private Beta mode to Normal mode.

Thanks for your suggestions.

A: 

What if you had two sets of controllers that were identical except that the authorization attributes differed from one to another. Now I'm usually one to strongly shy away from code duplication, but this only duplicated for a finite period of time where you later remove the duplicated code. If you do this, then you can route your pages to the "beta" controllers during beta time and reroute to the "live" controllers when you make the switch. Doing it this way means you only make changes in the global.asax file to "flip the switch". You can then later remove the "beta" controllers on your own schedule.

There might be a better solution but I don't think this is that bad of an option. This is a bad long-term solution but your requirements, by definition, makes it a short-term solution.

Jaxidian  2010-04-01 21:14:59
Hmm, did I over-complicate this when you could simply create your "beta" controllers by inheriting the "live" controller? This would reduce code duplication for the actual content of the code. Your "beta" controllers would be decorated slightly differently but would just keep calling `base.Foo()` for most of it. Same concept as my post, but with OO.
Jaxidian  2010-04-01 21:16:43
Thanks Jaxidian, Yep that would work. I thought perhaps that there was something simple I could do by overriding something in the Controller Factory, or the membership provider. Or a universial method that I can put some code that redirects to login if they are not in the beta user role. But I may be over complicating the problem.
Mark Kitz  2010-04-01 23:31:09

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security