How do I authenticate users in the Dynamic Data administration area on the ASP.NET MVC website?

Question

How do I authenticate users in the Dynamic Data administration area on the ASP.NET MVC website?

I have an external ASP.NET MVC 1.0 interface that works well, and the functions as part of it are the dynamic data section, which I use as the internal admin area for the site.

I haven't confused authentication too much yet, but it seems like a pretty logical website design for any new .NET sites that are going these days. I hope that someone can have some tips to share how to block the "Dynamic Data" section of the site (Dynamic Data uses simple old ASPX pages) using the "Track Authentication" function, leaving freely visible components of the MVC frontend.

The FYI site is hosted on Win2k3 / IIS6.0, and there is no MVC installed on the server, so I include the DLLs in the \ bin directory and use the routing mechanism to add .aspx suffx to the controllers, since IIS can understand parts of the MVC site.

Thanks...

Bernard.

+3

asp.net-mvc dynamic-data

Bernard Jun 23 '09 at 23:50

source share

1 answer

Zhaph - Ben Duguid · Answer 1 · 2009-06-24T08:14:33+0000

You should be able to block these pages in the same way that you blocked pages on the standard asp.net website - add the folder name to the location block in the web.config file:

<!--
  The location element is only needed if this is in root web.config.
  You could also create a web.config in the folder containing the dynamic data
  pages and just have the elements from system.web
-->
<location path="DynamicDataFolder">
  <system.web>
    <authorization>
      <allow roles="Admin"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>

It is assumed that you have configured membership and role providers - in the MVC project, by default, there are examples and a login page has been created.

How do I authenticate users in the Dynamic Data administration area on the ASP.NET MVC website?

More articles: