Max
Reputation: 5063
In MVC3 how to restrict access to an Area with a role-based authorization?
In MVC3 we can restrict access to a Controller using the [Authorize] attribute, specifying that the user must be in the Administrator role to access any controller action in the class, like in the following example...
[Authorize(Roles = "Administrator")]
public class MyDefaultController : Controller
{
// Controller code here
}
However how to restrict acces to an entire Area in MVC3 without specify the [Authorize] attribute for each Controller class inside the Area?
Upvotes: 1
Views: 1266
Answers (1)
Behnam Esmaili
Reputation: 5967
you can use RouteConstraints for doing this :
write a class like this :
public class AreaRouteConstraint : IRouteConstraint
{
public bool Match(HttpContextBase httpContext, Route route, string parameterName, RouteValueDictionary values, RouteDirection routeDirection)
{
return Validate(values["area"];
}
}
implementing Validate method is up to you.
and use it like this:
routes.MapRoute(
name: "yourRouteName",
url: "Url",
defaults: new { controller = "controller", action = "action" , area="area" },
constraints: new AreaRouteConstraint ()
);
Upvotes: 2
Related Questions
- Implement Role Based Security in MVC 4
- How can we set authorization for a whole area in ASP.NET MVC?
- Possible to [Authorize] at the Area level in ASP.NET MVC 2?
- MVC Limit / Redirect Role to Area
- How to protect an entire MVC Area by IP/Role/User?
- asp.net MVC role based access to controller
- ASP.NET MVC 3 - How to restrict areas in an efficient way?
- Implementing access control in ASP.NET MVC 3
- Restrict Area to a given role
- Forms Authentication (restrict an area)