I am learning the MVC framework after a background in traditional ASP.NET webforms. I am developing a typical sample e-commerce website which has a public domain, then the ability to sign up to a service which will provide access to a secured members area. I have a couple of questions please:
-
In ASP.NET the private member pages were usually separated from the public domain pages by placing them in their own subfolder and marking this subfolder as requiring authentication in web.config like this:
location path="MembersArea" system.web authorization deny users="?" authorization system.web location
Do people usually put their secured members area pages in one subfolder in MVC too? Or do you mix the public and private pages in the same folders relying and Membership and authentication tags?
- My MVC website will have a secure members area. But the home page etc. will be just standard HTML. When creating a site do you usually mark ALL pages as MVC in case of maybe wanting to enhance with dynamic data in the future? Or do you keep the plain HTML files as plain HTML because of performance reasons or something like that?
thanks for any advice with this
Forget about index.html’s, files and whatnot. In MVC you work with Controllers and tell it what View to render.
In MVC you don’t protect Views per se, but controller actions. Look into the Authorize attribute. You don’t have to separate files for public or private.
You can even roll your own authorization attributes, so you would be able to do something like:
You can protect at the Controller level, or at the individual action level.
This will all sound like chinese though unless you have a more formal introduction to MVC. I suggest the new MVC3 book by Phil Haack.