Home/ Questions/Q 4603372
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T00:08:17+00:00

I am starting to migrate a ASP.NET Webforms application to ASP.NET MVC 3. The

  • 0

I am starting to migrate a ASP.NET Webforms application to ASP.NET MVC 3. The application has a public area which is accessible by all users (also anonymous users) and several areas which are only accessible by authenticated users which are in a specific role.

The WebForms project is organized like so:

Root folder -> contains all public pages
 |
 --- Private subfolder -> contains a few pages for ALL authenticated users
      |
      --- Customers subfolder -> contains pages for users in role "Customer"
      --- Suppliers subfolder -> contains pages for users in role "Supplier"
      --- Internals subfolder -> contains pages for users in role "Internal"
           |
           --- Admins subfolder -> contains pages for users in role "Admin"
      etc.

Currently the authorization is managed by web.config files which are in the different subfolders. For example the Customers subfolder contains the following web.config:

<configuration>
    <system.web>
        <authorization>
            <allow roles="Customer" />
            <deny users="*" />
        </authorization>
    </system.web>
</configuration>

In ASP.NET Webforms no more configuration is required then. This authorization is applied to all pages in the Customers subfolder.

What is the best way to migrate this structure to ASP.NET MVC 3? Or more specifically:

  • Do such web.config files with authorization settings still work in MVC on folder basis?
  • If not, is there another way to apply authorization requirements to all pages in a folder?
  • Can I still organize the various areas in separate folders, especially can I put individual Controllers, Views, Models subfolders under each of the folders Customers, Suppliers, etc. to keep all logic and markup close together?

Thanks for feedback!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Do such web.config files with authorization settings still work in MVC on folder basis

    They do but should not be used.

    If not, is there another way to apply authorization requirements to all pages in a folder?

    In ASP.NET MVC there is no notion of folders. There are controllers, models and views. There are also areas. So you could create a Customers area and have a base controller that all controllers in this area derive from. Then you would decorate this base controller with the [Authorize] attribute. This way all derived controllers and action will require the user to be authorized in order to access them. You are not required to use an area to achieve this. You could still have a base controller in the main area decorated with this attribute and have all controllers that require authentication to derive from.

    Here’s a blog post you may take a look at about authorization in ASP.NET MVC.

    • 0