2

I'm writing a role based application in ASP.NET MVC 3. Obviously, depending on the role the user is in, will depend what pages or functions they have access to. I'm not really certain the best place, or way to implement this in an MVC application. Any information or points to certain resources would be appreciated.

Thanks in advance.

Improve this question
2
  • Do you want to implement your own security and membership mechanism, or use something ready now? Commented Jul 24, 2011 at 16:50
  • I will probably be implementing my own via my own. Commented Jul 24, 2011 at 17:03

2 Answers 2

Reset to default
1

If you want to implement your own membership system, then you can follow these steps:

  1. Put an HttpModule (a class inheriting from IHttpModule) in the way of secure requests (requests you want to define access control for)
  2. In that module, create a handler AuthenticateRequest event
  3. In that handler, check the request for an Authentication Cookie. This cookie could be yours or you can use FormsAuthentication class to create, encrypt and decrypt cookies for you.
  4. If cookie is present, then load the roles of the user, and store them in HttpContext.Current.Items as a key/value pair. This way, you can use it anywhere you want.
  5. If not, then redirect the user to login page. The address of the login page could be retrieved from settings or web.config
  6. In login page, get the login information of user including user name and password, then create an Authentication Cookie and send it to the client.
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

The Membership Provider is built into .NET and can be used from MVC3. The post I linked to is an overview how to use the default implementation that ships with the .NET framework, it's possible to create your own but I suggest getting familiar with the default first.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.