tags:

views:

198

answers:

1
Q: 

ASP.NET MVC Membership: how can I create/configure it?

Hi everyone!

I'm having a huge problem in understanding Membership with MVC. We have in our project controllers named "Admin" and "SuperAdmin" and they are restricted to some users.

Do I have to use the Authorize Roles attribute on each Action or can I use a ActionFilter to check if an user can view a certain page?

And if I have to user Roles attribute, do I have to configure each user on the ASP.NET Configuration tool? For example, "SuperAdmin" will be only a few users (around 3 at top), making easy to use ASP.NET Configuration tool and tells it who these users are. But "Admin" users will be many more... how can I configure them?

I'm totally lost!

I need a great clarifying on that!

Thanks a lot!!!

+2  A: 

You can apply the AuthorizeAttribute to controllers as well as actions. If you apply it to the controller, each method will have its access restricted with respect to the attribute. You can also apply another instance of the attribute to individual actions to further restrict access if necessary based on other roles. You will need to put the individual users in their roles for them to have access to role-controlled controllers/actions.

tvanfosson  2009-08-05 14:44:32
@tvanfosson - But, in a case of "Admin" users (which I don't know how many of them will exist), do I have to configure every single one to "Admin" role in Configuration tool?
AndreMiranda  2009-08-05 14:51:43
@AndreMiranda - It's either configure them in the configuration tool, or build your own user administration system so the application SuperAdmin's can go in and do it themselves.
mannish  2009-08-05 15:23:35
@andreMiranda -- I usually role my own RoleProvider and set up the management of roles as part of the administrator section of the application as @mannish suggests. If you use the WindowsTokenRoleProvider, you could manage this with AD groups offline. Depends on whether that's available to your app or not.
tvanfosson  2009-08-05 15:48:01
ok! I will try the answers from you! :-) Thanks a lot!
AndreMiranda  2009-08-05 15:48:36

related questions

What's the best way to implement field validation using ASP.NET MVC?
How do I handle page flow in MVC (particularly asp.net)
Entity diagrams in ASP.NET MVC
How do I get rid of Home in ASP.Net MVC?
Can I generate ASP.NET MVC routes from a Sitemap?
ASP.NET Model-view-controller (MVC) - where do I start from?
user controls and asp.net mvc
ASP.Net MVC route mapping
RSS Feeds in ASP.NET MVC
Open Source Licensing Options for ASP.NET MVC Application?
Does the OutputCacheFilter in the Microsoft MVC Preview 4 actually save on action invocations?
MVC Learning Resources
Validating posted form data in the ASP.NET MVC framework
Best mock framework that can do both WebForms and MVC?
Use the routing engine for form submissions in ASP.NET MVC Preview 4
How do you get a custom id to render using HtmlHelper in MVC
MVC Preview 4 - No route in the route table matches the supplied values.
Is there a way to include a fragment identifier when using Asp.Net MVC ActionLink, RedirectToAction, etc. ?
In ASP.NET MVC I encounter an incorrect type error when rendering a user control with the correct typed object
ASP.NET MVC - Is it worth it yet?
Multiple languages in an ASP.NET MVC application?
Is it better to create Model classes, or just stick with generic database utility class?
ASP.NET MVC Without Visual Studio
ASP.NET MVC "CRUD" Database Sample
How to RedirectToAction in ASP.NET MVC without losing request data