I am learning ASP.NET MVC3, and I just created a controller for my Model/Context.

Question

0

Asked: June 3, 20262026-06-03T14:37:48+00:00 2026-06-03T14:37:48+00:00

I am learning ASP.NET MVC3, and I just created a controller for my Model/Context.

0

I am learning ASP.NET MVC3, and I just created a controller for my Model/Context. However, anyone can navigate to these pages and use them. How can I set permissions for these pages?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-03T14:37:52+00:00

AuthorizeAttribute will be your first line of defense. You can grant access based on group membership or username. Works a lot like Code Access Security / Principal Permission Attributes but isn’t as hard to work with.

Example:

// Allow Everybody in
public ActionResult Index ()
{}

// Allow only Editors/Admin to post edits back to controller.
[HttpPost]
[Authorize(Roles="Admin,Editor"]
public ActionResult Edit(EditViewModel vm)
{}

You can use them at the Class or Method Level, so you can have a base controller that only lets authorized users use certain controllers of your app.

If you find yourself using the same groups or users over and over, I would create an override of the AuthorizeAttribute that has those groups predefined, that way you don’t misspell or forget them. This will also DRY up your code, which is always great.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am learning ASP.NET MVC3, and I just created a controller for my Model/Context.

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply