Home/ Questions/Q 687965
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T02:10:52+00:00

Greetings, in my asp.net mvc application what i would like to do is to

  • 0

Greetings,
in my asp.net mvc application what i would like to do is to enable access to some pages only after user was successfully authorized. I have already created custom membership provider and that works fine. How can I, in web config create such rule – for instance for all pages in ~Admin/ folder? I don’t want to create on every controller’s action the validation code.
For now i have in my web.config the following statement:

    <location path="~/Admin"> 
<system.web>
  <authorization>
    <deny users="?"/> 
  </authorization>
</system.web>

but it doesn’t work.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Doing authorization logic in config files has one big disadvantage: it cannot be easily unit tested, and something so important as authentication should be unit tested. I would recommend you for this matter to write a custom authorization filter which could be used to decorate a base controller for all admin actions that requires authentication:

    [AttributeUsage(
    AttributeTargets.Method | AttributeTargets.Class, 
    Inherited = true
)]
public class RequiresAuthenticationAttribute 
    : FilterAttribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            filterContext.Result = new RedirectResult(
                string.Format("{0}?ReturnUrl={1}", 
                    FormsAuthentication.LoginUrl, 
                    filterContext.HttpContext.Request.Url.AbsoluteUri
                )
            );
        }
    }
}

    And your admin controller:

    [RequiresAuthentication]
public class AdminController : Controller
{
    // .. some actions that require authorized access
}
    • 0