where to check if user is login and how to prevent not login users to enter to the admin section

Question

i have route all admin controllers to "admin folder",
but i want to check if the user is login and if not to give him login view.
for the not login user i want to let him enter just the "website" controller
where i need to check it?

public static void RegisterRoutes(RouteCollection routes)
    {
        routes.IgnoreRoute("elmah.axd");
        routes.IgnoreRoute("admin/page/Scripts/tiny_mce/templates/(.*/).htm");
        routes.IgnoreRoute("content/themes/(.*/)/(.*/).css");
         routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
        routes.IgnoreRoute("{*favicon}", new { favicon = @"(.*/)?favicon.ico(/.*)?" });


        routes.MapRoute(
            "Default", // Route name /Account/LogOn
            "admin/{controller}/{action}/{id}", // URL with parameters
            new { controller = "Home", action = "Index", id = UrlParameter.Optional } // Parameter defaults
            //new { controller = "Account", action = "LogOn", id = UrlParameter.Optional }
            );

       routes.MapRoute(
           "pagesseo", // Route name /Account/LogOn
           "{fName}", // URL with parameters
           new { controller = "website", action = "Index", fName = UrlParameter.Optional } // Parameter defaults
           );


    }

Answer 1

Hi,

Take a look at the following Website: http://www.dreamincode.net/forums/topic/161288-reroute-to-login-in-aspnet-mvc-using-authentication/

This might help you. It shows how to restrict access and control access to controllers or pages.

Hope it helps , Be happy.

Answer 2

You could use the [Authorize] attribute to set authorization roles on controller actions.

Answer 3

I assume you are planning on using Windows Authentication, meaning that user has logged into their windows account before accessing your web site. You want to see if the credentials supplied match people on the list of 'admins'. In your web.config you need to specify that you are using Windows Authentication. To do this you put <authentication mode="Windows"/> into the the system.web section. Then in your protected pages OnInit routine you put something like the following.

    if (!IsPostBack)
    {
        // if this is the first request for this page create the
        // validation object and record their arrival
        String userName = Request.ServerVariables["LOGON_USER"];
        String host = Request.UserHostAddress;
        UserValidation valid = new UserValidation();
        if valid.checkUser(userName, host)
        {
            logger.Info("User " + userName + " opened the reviewer form");
        } else
        {
             // ... redirect to error message page
        }
    }