ACL-based security in an MVC app [closed] - asp.net-mvc

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 9 years ago.
Do you have or know of an example that uses ACL-based security in an MVC app?

I don't specifically know of an example, but MVC is naturally very conducive to ACL. Assign an ACL (or two or three, etc.) to a model. The ACL can be constructed statically or dynamically depending on your needs. Store the ACL in a safe place (such as a secure database). Have the model provide methods to the view that allow it to display itself nicely based on the ACL. Have the model provide methods to the controller that allow it to be queried for permissions and supply credentials as needed to the model. Do not allow other modules of the app to access the ACL besides the model. This preserves the sanctity of MVC.
I recommend considering a role-based ACL instead of user-based, to allow for better scalability in the future in case your app needs it.
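
A minimal sketch of the layout this answer describes: a role-based ACL held privately by the model, with one query method for the controller and one for the view. It is an added example, not code from the answer; `Document`, `Permission` and the role names are hypothetical, and it is plain C# with no ASP.NET dependency.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

[Flags]
public enum Permission { None = 0, Read = 1, Edit = 2, Delete = 4 }

// Hypothetical model (data fields omitted). The ACL field is private, so views and
// controllers can only ask the model about it, never read or change it directly.
public sealed class Document
{
    private readonly Dictionary<string, Permission> _acl;   // role -> permissions

    public Document(IDictionary<string, Permission> acl)
    {
        _acl = new Dictionary<string, Permission>(acl, StringComparer.OrdinalIgnoreCase);
    }

    // For the controller. Roles missing from the ACL grant nothing (default deny).
    public bool IsAllowed(IEnumerable<string> roles, Permission wanted)
    {
        if (wanted == Permission.None) return false;
        var granted = Permission.None;
        foreach (var role in roles ?? Enumerable.Empty<string>())
            if (_acl.TryGetValue(role, out var p)) granted |= p;
        return (granted & wanted) == wanted;
    }

    // For the view: the actions worth rendering for this caller.
    public IReadOnlyList<string> VisibleActions(IEnumerable<string> roles) =>
        new[] { Permission.Read, Permission.Edit, Permission.Delete }
            .Where(p => IsAllowed(roles, p)).Select(p => p.ToString()).ToList();
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample ACL; the answer's design would load it from the database.
        var doc = new Document(new Dictionary<string, Permission>
        {
            ["viewer"] = Permission.Read,
            ["editor"] = Permission.Read | Permission.Edit,
        });
        Console.WriteLine(string.Join(", ", doc.VisibleActions(new[] { "viewer" })));
        Console.WriteLine(doc.IsAllowed(new[] { "viewer", "editor" }, Permission.Edit));
        Console.WriteLine(doc.IsAllowed(new[] { "intern" }, Permission.Delete));
    }
}
```

The view helper only decides what to render; the controller still has to call `IsAllowed` before acting, since hiding a button does not stop a direct request.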

Related

What are some good static code analysis rules for an ASP.NET MVC Application? (NDepend) [closed]

Closed 10 years ago.
I recently came across this posting where Darin Dimitrov suggested that you never refer to HttpContext.Current in your ASP.NET MVC application.
We have NDepend, a tool for doing static code analysis. What are some other rules that you believe would be good to model with something like NDepend?
Much appreciated!
In our code base (which should reuse existing infrastructure and also uses Autofac for DI) I've currently written some rules along the lines:
To ensure we are not going to tightly couple ourselves to existing infrastructure
That we are not using ViewBags in our Views, but instead using ViewModels

What is the best practice to organize an MVC project with backend, frontend and web api? [closed]

Closed 10 years ago.
I have a question about organizing an ASP.NET MVC project.
I have 3 different main areas. Front and back-end, and I have a Web API.
I want to know what is best practice for organizing such a project?
What I have done so far is to make 3 different projects so I could separate the area of which they worked on, but I have a problem with the Web API with CORS (Cross-Origin Resource Sharing).
So my question would be, is it possible to have 3 projects, or should I have to use areas? I still want to be able to separate the "concerns" (Web API, front-end, back-end).
Why don't you run it all under one default virtual directory? Your structure would be localhost => virtual root, localhost/Web1, localhost/Web2, localhost/Web3, and run them all under IIS and not IIS Express.

Modular Rails 3 application [closed]

Closed 10 years ago.
I'd like to build a control panel (let's call it "dashboard") for several applications. Each application has a REST-API which will be used by the dashboard. The dashboard should have a module for every managed application.
In Rails I could use Controller Namespaces to achieve something like this. The models and the views could be separated in a similar way. This would lead to the following directory structure:
controllers/app1/
models/app1/
views/app1/
controllers/app2/
models/app2/
views/app2/
But I don't like that. I would rather have something like this, to have the modules better separated:
modules/app1/controllers
modules/app1/models
modules/app1/views
modules/app2/controllers
modules/app2/models
modules/app2/views
Is something like this possible with Rails 3?
If you want that kind of separation you should investigate using Rails Engines to organize the components of your application. An engine is a sort of sub-application that's mostly self-contained.

MVC 4 - Visitor auditing and tracking [closed]

Closed 10 years ago.
Thought I would put this out there before I embark on my own research.
In a current MVC 4 app, I am looking for a way to track/audit visitors. I am looking for a way to:
Record a record on each site request.
Record will include things like logged in user, session id, requested page, page coming from, etc., etc.
Action methods will be decorated with an attribute to trigger the creation of that record, so we can specify exactly which action methods get logged.
Anyone attempted or heard of anything like this?
Thanks in advance for any replies.
An ActionFilter seems to be the way to go. I have an example of a similar requirement that I'd be willing to send you, let me know.
You should consider writing a base controller that all your controllers will inherit from and then do all the logging in there.
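
The attribute-triggered record described in the question, written as the ActionFilter the first reply suggests. This is an added example, not the code that reply offered to send; `AuditVisitAttribute` and `ReportsController` are hypothetical names, `Trace` stands in for the audit store, and hashing the session id and stripping control characters are choices made here.

```csharp
using System;
using System.Diagnostics;
using System.Security.Cryptography;
using System.Text;
using System.Web.Mvc;

// Hypothetical attribute name; put it only on the actions that should be audited.
public sealed class AuditVisitAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var http = filterContext.HttpContext;
        var user = http.User != null && http.User.Identity.IsAuthenticated
            ? http.User.Identity.Name : "(anonymous)";
        // Trace is a stand-in sink (assumption); write to the audit store instead.
        Trace.TraceInformation(
            "audit utc={0:o} user={1} session={2} action={3}/{4} url={5} referrer={6}",
            DateTime.UtcNow,
            Clean(user),
            http.Session != null ? Fingerprint(http.Session.SessionID) : "-",
            filterContext.ActionDescriptor.ControllerDescriptor.ControllerName,
            filterContext.ActionDescriptor.ActionName,
            Clean(http.Request.RawUrl),
            Clean(http.Request.Headers["Referer"]));
        base.OnActionExecuting(filterContext);
    }

    // URL and Referer are client-controlled: drop control characters so a request
    // cannot forge extra log lines, and cap the length.
    private static string Clean(string value)
    {
        if (string.IsNullOrEmpty(value)) return "-";
        var s = new string(Array.FindAll(value.ToCharArray(), c => !char.IsControl(c)));
        return s.Length > 512 ? s.Substring(0, 512) : s;
    }

    // Log a short hash, not the session id itself, so that read access to the
    // audit log does not hand out live session tokens.
    private static string Fingerprint(string sessionId)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(Encoding.UTF8.GetBytes(sessionId)), 0, 8);
    }
}

// Hypothetical controller showing opt-in use on a single action.
public class ReportsController : Controller
{
    [AuditVisit] public ActionResult Details(int id) { return View(); }
}
```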

url (route) design [closed]

Closed 11 years ago.
I am starting with web development. I looked at the URL design of a few websites, especially GitHub and Stack Overflow.
A user page on GitHub is of the form github.com/<username> (e.g. github.com/roma1n). This strikes me as requiring careful reservation of top-level identifiers, i.e. there cannot be a user explore in GitHub, because github.com/explore shows a list of trending/interesting repositories. It also seems hard to extend once usernames that would make useful page names (e.g. latest, all) have been taken up by users.
Stack Overflow seems to go the opposite route, where a user page is of the form stackoverflow.com/<numeric id>/<username>. This seems to add redundancy to the address, unless multiple users with the same nickname are allowed (e.g. to make life easier when identifying through other providers such as OpenId?).
What are the pros and cons of each solution, (and of the other obvious ones such as example.com/users/<numeric_id> or example.com/users/<nickname>)? Is there a current best practice or reasonable default?
I think your suggestion example.com/users/<nickname> is pretty reasonable. Given a choice I'd pick this, because it's more memorable for users than an id, and it sidesteps the users nickname problem. Of course you're free to adopt any convention that fits your use case, so whatever works!
