One of the easiest access-control mechanisms to maintain is securing access by URL. If you are using MVC, one way of doing this is to put the Authorize attribute on a controller action method. You can also use this attribute to secure an entire controller: just place the Authorize attribute on the controller class definition.
// Only authenticated users in the Admin role can invoke this action.
[Authorize(Roles="Admin")]
public ActionResult Edit(int id = 0)
{
    Student student = db.Students.Find(id);
    // ...
}
But this more or less hard-codes the role into the code, and it is action-level authorization. At page level, we can use the path attribute of the location element in web.config to set up a more configurable access rule.
Following is an example in web.config:
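<location path="Students/Edit">
  <system.web>
    <!-- allow/deny rules must sit inside <authorization>; the first matching rule wins -->
    <authorization>
      <deny users="?"/>
      <allow roles="Admin"/>
      <!-- without this, other signed-in users fall through to the default allow -->
      <deny users="*"/>
    </authorization>
  </system.web>
</location>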
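Keep in mind that this will not work properly if you map the URL to a different name in RouteConfig.cs, because the location rule is matched against the requested path and not against the controller action that ends up handling the request.
E.g.: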
routes.MapRoute("Student", "NewStudentUrl", new { Controller = "Student", action = "Edit" });
In a situation like this, it is better to use the aforementioned Authorize attribute in the C# code.
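The mismatch described above can be checked for mechanically. The following console program is an added example, not code from the original post: it lists URLs that reach a protected action without falling under any location path. The class and method names, the sample route table and the simplified path-matching rule are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class LocationRuleAudit
{
    // Simplified model (assumption): a <location path> rule covers the path
    // itself and anything beneath it, compared case-insensitively.
    static bool IsCovered(string url, IEnumerable<string> locationPaths)
    {
        string u = url.Trim('/');
        return locationPaths.Select(p => p.Trim('/')).Any(p =>
            u.Equals(p, StringComparison.OrdinalIgnoreCase) ||
            u.StartsWith(p + "/", StringComparison.OrdinalIgnoreCase));
    }

    // Returns every URL that dispatches to a protected action but that no
    // <location> rule covers, i.e. where the web.config rule is never evaluated.
    static List<string> UncoveredUrls(
        IEnumerable<KeyValuePair<string, string>> routes,   // URL -> "Controller/Action"
        ISet<string> protectedActions,
        IEnumerable<string> locationPaths)
    {
        return routes
            .Where(r => protectedActions.Contains(r.Value))
            .Where(r => !IsCovered(r.Key, locationPaths))
            .Select(r => r.Key)
            .ToList();
    }

    static void Main()
    {
        // Constructed sample data mirroring the snippets above; the controller
        // is assumed to be named Students so that it matches the location path.
        var locationPaths = new[] { "Students/Edit" };
        var protectedActions = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "Students/Edit" };
        var routes = new[]
        {
            new KeyValuePair<string, string>("Students/Edit/5", "Students/Edit"), // default route
            new KeyValuePair<string, string>("NewStudentUrl", "Students/Edit"),   // MapRoute alias
            new KeyValuePair<string, string>("Students/Index", "Students/Index"), // not protected
        };

        foreach (string url in UncoveredUrls(routes, protectedActions, locationPaths))
            Console.WriteLine("Not covered by any <location> rule: /" + url);
    }
}
```

Any URL this reports depends entirely on the Authorize attribute for its protection, since the web.config rule never applies to it.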