|
-
Aug 9th, 2011, 01:10 AM
#1
Thread Starter
Fanatic Member
MVC 3: Page Authorization based on Role
Hi All,
let say i have this Page and Role required to access it
Home: PublicRole
About: PublicRole
Invoice: PurchasingRole
i have navigation menu that populate based on user's Role that logon but it doesn't prevent if user type the URL manually..user still can access that Page eventhough user don't have permission to access it
using AuthorizationAttribute is something that i want to prevent because Admin have the ability to set the Menu based on Role
authorization article that i found is required user to Logon first before attempt to access the Page, it already done in my scenario
any insight?
thx,
erick
-
Aug 12th, 2011, 08:02 AM
#2
Re: MVC 3: Page Authorization based on Role
You can just check the user's roles as the first thing inside each Action method, and redirect if the user is not in the required roles.
C# Code:
// User object below comes from HttpContext.Current.User
if (!User.IsInRole("PurchasingRole")) {
return RedirectToAction("Index");
}
-
Aug 12th, 2011, 11:36 AM
#3
Thread Starter
Fanatic Member
Re: MVC 3: Page Authorization based on Role
thx tr333
that will be my last attempt because i will be coding the same code for each page and of course the role won't be hardcoded because the authorization is dynamic..
arrghhh...
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote