0

I have a asp.net mvc3 web application. I have a list of items with images queried from db. From time to time I need to add new item to db and specify image. I'm thinking to add authentication and create special view only for admins for this purpose. Is it Ok?

What are the best practices for doing this? Thanks.

Improve this question
1
  • Nope web applications have to be static :) Commented Apr 12, 2011 at 17:52

1 Answer 1

Reset to default
1

Best practices for this... Well lets see.

Answer some questions -

Q: Is manually adding the record via sql management console good enough along with manually uploading the file? A: Then no don't fix problems that don't exist

Q: Is this site publicly accessible? A: Then yes, authentication to post following all security guidelines for keeping script kiddies at bay,

And since your using ms mvc. Make use of the built in security attributes to control access to controller classes methods; for example; [Authorize(Roles = "Administrators")] ect, ect.

Should be fairly simple to set up;

  1. Edit web.config and turn on membership and roles, as well as login page
  2. Could possibly use the .net membership framework to hold users and roles
  3. Lock down controllers or methods with the [Authorize] attribute

Good luck,

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.