Requires Asp.net MVC Application

Question

Requires Asp.net MVC Application

I have implemented a small order and inventory management system (for internal use) with the MVC 2 framework. Now my friends, they want to have a website to present existing products to their customers. I know, I know that they will ask me to do this once. So first I created the controller name to start with "Admin". But now I'm not sure what the best way to fulfill their requirements. Could you advise me?

1. For security reasons, I did not allow an anonymous user to access the website from CSS files and images. My question is: the controller name is not the folder name, how can I configure this?

<!--Only allow the anonymous users to access the content folder-->
<location path="Content">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

2. Do you plan to insert the administrator section in the "area", and this will be a good way? Can anyone give me some suggestions.

Many thanks.

controller view

+3

asp.net asp.net-mvc

Daoming yang May 19, '10 at 12:37

source share

3 answers

Buu nguyen · Answer 1 · 2010-05-19T12:43:00+0000

If the built-in Authorize filter does not work for you, you can always implement custom authorization .
If you have a large project (hundreds of views), then yes, I think using areas is a good idea.

Stéphane · Answer 2 · 2010-05-19T12:52:22+0000

MVC uses routing to serve requests. There is no folder for access control. Instead, you can use attributes on top of controllers or on action methods.

, , Authorize...

. , - . , global.asax. , , . Admin/Public - .

Buu..

Will · Answer 3 · 2010-05-19T13:04:04+0000

- . - .

- : " ". , web.config , , Public, , - Internal, , .

The third option is to disable security in your controller methods. It will require a lot of work, and it would be a good idea to do it anyway, but to implement the error here means that you have a vulnerability in your system.

Requires Asp.net MVC Application

More articles: