I have a super simple ASP.NET MVC application that uses RpxNow (OpenID) to allow users to log in. Now I want users to edit their own account and provide administrator access to edit any account.
I have two separate views of "Edit Account":
- ~ / account / edit /
- ~ / account / edit / 1
The first loads account information based on the registered user. The second loads the account information using the provided AccountId. The first will be for standard users, and the second for the administrator.
First, I need to define the roles (User, Admin), and then I need to assign a user account (or several) to this role.
Then I need to check the role in the controller. I like this concept:
http://schotime.net/blog/index.php/2009/02/17/custom-authorization-with-aspnet-mvc/
So, down to the questions:
- Is there an easy way to define a list of roles in web.config?
- Is there an easy way to determine which users are cast in web.config?
- Is there any way to do this WITHOUT using membership / role providers?
- Am I approaching this from the wrong point of view? Should I split the application into two branches and protect them based on folder authorization?
source
share