nishantvodoo

Reputation: 865

What is the correct way of rendering a view?

I am trying to create an MVC 4 ASP.net site. As I am new to programming I would like to know what is the correct way of rendering a view based on if a user is logged in or not.

My Code: I am trying to restrict a user from going to the Index, About and Contact pages. It will only go to those pages (views) if the user is logged in. My question is, "Is this the right way of doing it or is this wrong? Is there a more secure, effective, and acceptable way of doing this?"

Please let me know if there is. Thank You

using System.Web.Mvc;

public class HomeController : Controller
{
    public ActionResult Index()
    {
        // Manual check repeated in every action
        if (User.Identity.IsAuthenticated)
        {
            return View();
        }
        return RedirectToRoute(new { controller = "Account", action = "Login" });
    }

    public ActionResult About()
    {
        if (User.Identity.IsAuthenticated)
        {
            ViewBag.Message = "Your app description page.";
            return View();
        }
        return RedirectToRoute(new { controller = "Account", action = "Login" });
    }

    public ActionResult Contact()
    {
        if (User.Identity.IsAuthenticated)
        {
            ViewBag.Message = "Your contact page.";
            return View();
        }
        return RedirectToRoute(new { controller = "Account", action = "Login" });
    }
}

Upvotes: 0

Views: 72

Answers (2)

Bhushan Firake

Reputation: 9448

The Authorize attribute lets you indicate that authorization is restricted to predefined roles or to individual users.

  • This gives you a high degree of control over who is authorized to view any page on the site.
  • If an unauthorized user tries to access a method that is marked with the Authorize attribute, the MVC framework returns a 401 HTTP status code.
  • If the site is configured to use ASP.NET forms authentication, the 401 status code causes the browser to redirect the user to the login page.

You can use [Authorize] on your controller if all the methods require login as below:

// [Authorize] on the class applies to every action in the controller
[Authorize]
public class HomeController : Controller
{
    public ActionResult Index()
    {
        return View();
    }

    public ActionResult About()
    {
        ViewBag.Message = "Your app description page.";
        return View();
    }

    public ActionResult Contact()
    {
        ViewBag.Message = "Your contact page.";
        return View();
    }
}

You can also put the attribute on certain methods if required, instead of putting it on the controller itself. For example, if you want the user to log in for the Index() method only, then you could do it as below:

public class HomeController : Controller
{
    // Only this action requires an authenticated user
    [Authorize]
    public ActionResult Index()
    {
        return View();
    }
}

Upvotes: 1

Dima

Reputation: 6741

The common way for this case is usage of [Authorize] (AuthorizeAttribute). You may add it to specific actions or the whole controller. It also supports restrictions to specific users and roles.

You may start with default MVC solution from Visual Studio, which will create all basic functionality based on SimpleMembership provider.

You may refer to NerdDinner project for full explanation: http://nerddinnerbook.s3.amazonaws.com/Part9.htm.

Upvotes: 1
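
An added example (not code from the question or from either answer) that takes the [Authorize] approach in both answers one step further: the attribute is registered as a global filter so every action requires login by default, the login action opts out with [AllowAnonymous], and the Roles and Users restrictions both answers mention are applied per action. The Reports and Audit actions, the "Admin" role and the user names are assumptions made for illustration.

```csharp
using System.Web.Mvc;

// App_Start/FilterConfig.cs in the MVC 4 project template; called from
// Global.asax as FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters).
public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());
        // Deny by default: every action on every controller now requires
        // an authenticated user unless it opts out explicitly.
        filters.Add(new AuthorizeAttribute());
    }
}

public class AccountController : Controller
{
    // The login page must stay reachable for anonymous users; without
    // this opt-out the global filter would also block it.
    [AllowAnonymous]
    public ActionResult Login(string returnUrl)
    {
        ViewBag.ReturnUrl = returnUrl;
        return View();
    }
}

public class HomeController : Controller
{
    // Covered by the global filter; no IsAuthenticated check is needed.
    public ActionResult Index()
    {
        return View();
    }

    // Hypothetical action: authenticated users in the assumed "Admin" role.
    [Authorize(Roles = "Admin")]
    public ActionResult Reports()
    {
        return View();
    }

    // Hypothetical action: only the listed (constructed) user names.
    [Authorize(Users = "alice,bob")]
    public ActionResult Audit()
    {
        return View();
    }
}
```

With the global filter in place, a newly added action is protected even if nobody remembers to decorate it, which the per-action checks in the question cannot guarantee.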
