Tutorial :Need an Asp.net MVC Application solution



Question:

I have implemented a small ordering and stock control system (for internal using) with the MVC 2 framework. Now my friends, they want to have a website to present the existing products for their customers. I know, I know they will ask me to do this one day. So in the beginning, I have made the controller name to start with "Admin". But now I am not sure the best way to implement their requirements. Could you advise me?

1.For the security reason, I did not allowed anonymous user to access the website a part from the CSS and image files. My question is the controllers' name are not folders' name, how could I set this up?

<!--Only allow the anonymous users to access the content folder-->  <location path="Content">  <system.web>  <authorization>  <allow users="*"/>  </authorization>  </system.web>  </location>  

2.I'm planning to put the admin section into an "area" and will it be a good way to go? Can anyone provide me some suggestions.

Many thanks.

controllerview


Solution:1

MVC use routing to serve the requests. There is no folder to control access rights. Instead you can use Attributes on top of controllers, or on top of action methods.

I see you have a base controller, you could decorate your base controller with the appropriate Authorize attribute...

I don't agree with Buu about Areas. I think that areas to separate the section of a website makes the project structure easier to understand. It will also let you place the routing configuration inside their area instead of having everything in your global.asax. I think it's worth it even before you have a lot of views. Admin/Public is a classic case.

follow the link from Buu..


Solution:2

  1. If the built-in Authorize filter doesn't work for you, you can always implement a custom authorization filter.

  2. If you have a large project (hundreds of views), then yes, I do think using areas is a good idea.


Solution:3

Personally, I'd create a completely different website to handle public access. Best way to secure a view is to not have it in the first place.

Second option would be to create two areas, Internal and Public. You can secure each by dropping a web.config within each area folder, the one in Public allowing for anonymous access and the one in Internal restricting access to people logged into your office domain.

Third option is to perform security culling in your controller methods. This would require lots of work and would be a good idea to do this anyhow, but realize a bug here means you have a vulnerability in your system.


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »