Home/ Questions/Q 6127401
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T16:30:12+00:00

So I want to create a login page where when you enter your login

  • 0

So I want to create a login page where when you enter your login credentials as a admin you get acces. If you are not a admin you get redirected back to the login page. In my database I have a field of boolean type:

isAdmin <--datatype(byte")

So how can you the best way do this?! I would like to do this in the repository pattern way as it gets easier to unit test it then.

I have googled this a lot and starting to get a bit confused on the matter. How many classes, models etc should I have?! I’m guessing one controller would do. Anyone got any good ideas?! I’ve read some on the DCI pattern about user roles but as it basically “only” to check that boolean in the database maybe it is overkill? Thankful for all feedback.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If I understand correctly, I had a similar issue. It seems from your question that you are not using the default membership provider (at least as is). I didn’t either. So what I did was create a new authorization attribute. In your case it could look something like this:

    public class AdminOnlyAttribute : AuthorizeAttribute {
    IUserRepository _UserRepository;

    public SimpleUser SimpleUser { get; set; }

    public AdminOnlyAttribute() {
        _UserRepository = new SqlUserRepository(new DbContext());
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext) {
        bool baseAuthorized = base.AuthorizeCore(httpContext);
        if (!baseAuthorized) {
            return false;
        } 

        //Here you use your repository to check if a user is an admin or not
        bool isAdmin = _UserRepository.IsAdmin(int.Parse(httpContext.User.Identity.Name));

        if (!isAdmin) {
            return false;
        }

        return true;
    }
}

    The repository method IsAdmin could be as simple as a query to check the boolean corresponding to the supplied user’s ID. Something like this (please double check if SingleOrDefault() is necessary or not):

    public bool IsAdmin(int userID) {
    bool isAdmin = (from user in db.Users
                    where user.ID == userID
                    select user.isAdmin).SingleOrDefault();
    return isAdmin;
}

    And then use this in the action you want like so:

    [AdminOnly]
public ActionResult Index(){
    //Code here...
}

    When this returns false, your ActionResult will be an HttpUnauthorizedResult which in theory should redirect to the login page.

    • 0