Reputation: 5287
ASP.Net MVC3 Areas and Security
I have a public facing website and need to create an "admin" site for managing the content of the website. I would like to create an "Area" for admin functionality and secure just the Admin area using forms authentication. Is this possible? If I put the necessary forms authentication bits in the root web.config file, will it interfere with the public facing pages? How do you isolate forms authentication to an area? Thanks.
Upvotes: 0
Views: 978
Answers (1)
Reputation: 423
The way I go about it is to add an Authorize Atrribute to the the controllers or actions I need to be secure.
In the controller either:
[Authorize] --secures all actions in the controller
public class SomeController : DefaultController
{
[Authorize] --secures only this action
public ActionResult SomeAction(){
}
}
you can restrict access to specific users and also use a RoleProvider to only allow specific user roles to access the actions decorated with the attributes. Hopefully this can be helpful to you.
Upvotes: 2
Related Questions
- ASP.NET MVC 3 - Security architecture considerations
- MVC4 areas and forms authentication
- Forms Authentication with Multiple MVC Areas
- MVC - Forms and Windows authentication
- Authentication for MVC3 areas
- ASP.NET MVC 3 - How to restrict areas in an efficient way?
- ASP MVC: Getting confused when implementing ASP MVC Security
- Area level security for asp.net mvc
- Forms Authentication (restrict an area)
- Asp.NET MVC and security