2

I am learning the MVC framework after a background in traditional ASP.NET webforms. I am developing a typical sample e-commerce website which has a public domain, then the ability to sign up to a service which will provide access to a secured members area. I have a couple of questions please:

  • In ASP.NET the private member pages were usually separated from the public domain pages by placing them in their own subfolder and marking this subfolder as requiring authentication in web.config like this:

    location path="MembersArea"
    system.web
        authorization
            deny users="?"
        authorization
    system.web
location

Do people usually put their secured members area pages in one subfolder in MVC too? Or do you mix the public and private pages in the same folders relying and Membership and authentication tags?

  • My MVC website will have a secure members area. But the home page etc. will be just standard HTML. When creating a site do you usually mark ALL pages as MVC in case of maybe wanting to enhance with dynamic data in the future? Or do you keep the plain HTML files as plain HTML because of performance reasons or something like that?

thanks for any advice with this

Improve this question

3 Answers 3

Reset to default
3

Forget about index.html's, files and whatnot. In MVC you work with Controllers and tell it what View to render.

In MVC you don't protect Views per se, but controller actions. Look into the Authorize attribute. You don't have to separate files for public or private.

You can even roll your own authorization attributes, so you would be able to do something like:

[Administrators]
public class HomeController : Controller
{
    public ActionResult Index()
    {
    }
}

You can protect at the Controller level, or at the individual action level.

This will all sound like chinese though unless you have a more formal introduction to MVC. I suggest the new MVC3 book by Phil Haack.

enter image description here

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

sergio, as per my second question, what is the general consus re HTML pages. If I have a set of pages which contain no dynamic data should I use plain HTML pages or stick with the views/controllers?
@Slim: Even if you have static HTML, create a View that a Controller can invoke and just push out some good ol' HTML. You want to use Controller because then you can benefit from the very good Routing engine in ASP.net
1

No, all views should be in the same folder structures as public and private. You want to check out the Authorize attribute. You can keep the controllers/actions in the same area.

I would do the site entirely as MVC.

Improve this answer

1 Comment

Hi daniel, thanks for replying so quickly, can you please elaborate slightly as i'm finding your answer a little ambiguous (probably me being thick!)
1

Forget everything you know about ASP.NET WebForms. MVC has a completely different approach, it doesn't use folders and files as direct mapping to resources as the traditional ASP.NET WebForms do. There are no "pages" in MVC, each URL invokes an action on a controller, which can return any result (either as view, which is similar to a "page", or any other type of result such as file downloads, redirects, etc.). There is not 1:1 mapping between controller actions and views, one action can return any view or result.

The MVC way to do it is via controllers, you can use authorization attributes on controllers (for the full class) or on specific controller actions (methods). You can even implement your own authentication attribute easily.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.