I am planning a new portal solution in ASP.NET MVC. I need to be able to have some parts of the site visible for everyone (public part) and a part where only registered users are allowed to visit. In traditional Web Forms the security was made on folder level, but how about ASP.NET MVC? Could someone please explain me how to do this - or if its more beneficial to go the web forms way.
/H4mm3rHEad
Security is mostly done on the Controller or Action level via attributes. More information on the Authorize attribute can be found here:
http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute%28VS.100%29.aspx#using_authorizeattribute
You can easily see how it works by going File-> New MVC project and checking out the AccountController.cs file inside the /Controllers/ directory.
Be aware the answers by Vitaly and Agent_9191 are not current and reference mostly preview MVC builds. Those articles may reference code and or functionality that does not exist or has been depreciated.
Take a look at this post talking about the AuthorizeAttribute. It can be applied to specific actions or an entire controller.
Related
Say I've got an MVC website, www.codesmurf.com for example, set up with default ASP.NET MVC routing, nothing fancy. So my BlogController can be found at www.codesmurf.com/blog, and my FAQ similarly at www.codesmurf.com/faq.
Now if I also have a small survey project, currently in a different solution, how would I achieve to access this survey at www.codesmurf.com/survey?
What changes would I have to make to my routing and/or project structure to achieve this? So the entire survey project would be at the controller level of the main website, judging by the uri.
Do I have to achieve this using Areas? Do I need to create a SurveyController on the main site to redirect internally? Do I need to host this website separately and redirect externally? Any IIS configurations? How do I make sure my old routing isn't messed up?
This seemed like an easy task in my head at first, but I really have no clue what the best way to achieve this would be, and questions keep popping up in my head the more I think about it.
Note that the survey site is also an MVC project with its own controllers etc..
I haven't had much experience with changing the MVC routes, but would like to understand what I'm doing as well, so context/explanation would be greatly appreciated.
I personally would add the survey functionality as a service reference to your current MVC project.
Add Areas/Survey to your current MVC project and then start using the code from the service reference as you build up the Survey area.
When adding areas, all you will need to do is add some more rules to your map routes.
routes.MapRoute("areaRoute", "{area:exists}/{controller=Home}/{action=Index}/{id?}");
I always used asp.net webforms with the MVP pattern, it works great for what I need, I basically create a project where all my business rules reside, validation etc... and I then implement my views in the webforms project.
Now we're starting to use asp.net MVC and using the MVP patter doesn't make much sense, right? So what could be a good approach to create a scalable and testable project using MVC that won't make me create my data objects and do validation on the controllers. I don' want to have the same code in different places...
If a web user wants to update his/her profile on the site, there would be some validation rules for when a submit button is pushed, like email address cannot be empty, must be valid and must not exist in the database.
These same rules should be applied if I try to update his profile using the internal admin section without having to duplicate the code there...
If you can point me to a good sample project that deals with this would be great!
Thanks in advance!
You should use the MVC pattern with ASP.Net MVC.
The NerdDinner tutorial is a pretty detailed example for MVC, you can also get a book that includes the tutorial (you might want to wait for the version that covers ASP.Net MVC 3). There are plenty of resources on Microsoft's ASP.Net site.
You can always consult Google.
ASP .NET MVC was built with the Model-View-Controller (MVC) pattern in mind. That would be the pattern you'd want to use.
In addition to the resources magnifico provided, I know others have recommended the some other tutorials. I don't know if these have been updated to the latest version of the framework, but they should still serve as decent beginners.
MVC Storefront series
MVC Music Store
Also the Microsoft Patterns & Practices group recently released Project Silk which gets into more advanced techniques involving a lot of AJAX management of the UI. There's interesting stuff there.
I have an existing ASP.NET website with some custom routing, within a Solution that also contains Business Logic projects.
I want to create a new project within the Solution, which is an ASP.NET MVC website.
This website will also call the Business logic, and the ultimate aim is to port most of the code from ASP.NET to ASP.NET MVC.
But I want them to both work side-by-side for now, to ensure minimal down-time, as it's a high-traffic website.
Is it possible to accomplish this somehow using either ASP.NET routing or some kind of IIS setting?
Yep, you just need to add some routing to your current application. Try http://www.packtpub.com/article/mixing-asp.net-webforms-and-asp.net-mvc
Please have a look at this post by Scott HanselMan.
It provides detailed discussion about this along with a nice walk through.
I just wrote a blog post on this. It is possible. You might find it easier to simply relocate your web forms from your existing web forms project to your new MVC project. You may not have to change any code.
I'm curious to know if any basic CMS code has been written for ASP.NET MVC.
The reason I ask is, I'm making a data-driven website for a client, and I've already spent a significant amount of time building it from the ground-up in MVC, but now the client wants content management facilities.
Basically they want to be able to add/edit/remove articles and have revision control.
It would be great if I could somehow 'bolt on' the content management without having to start again from scratch, developing it under an existing CMS.
Should I build the article management and revision control myself, or should I re-use some existing package?
N2 does what you describe - "bolts on" to existing ASP.NET solutions (including MVC).
Also, kooboo is interesting http://www.kooboo.com
(I know this question is old, but it still comes high up for the relevant search terms.)
Today I discovered Meek, http://www.adventuretechgroup.com/labs-meek/, and it was very simple and unobtrusive to add to my MVC project, which I believe is what the original poster would have wanted - bolting on CMS as a feature rather than having it take over your entire site.
Piranha CMS is well suited to bolting on to an existing application. The author of it describes why and how here. To quote straight from that source:
"Our focus is content management and to have a transparent and lightweight API for developers. Piranha CMS has almost no components or helpers that render any HTML at all, it simply provides a database, a manager interface and a routing mechanism for retrieving the correct data for the current request.
In the case of you having an existing website you could actually bypass the routing completely, add one page at a time in the manager interface and then manually load the Page model in you existing page. This would allow you to keep your original application exactly the same but manage the content form the manager interface."
If you are still looking, I've published my new open source CMS here:
MVCwCMS
I'm actively working on it so I will push more updates soon.
Here is also a quick summary as to how Telerik Sitefinity does it:
http://www.sitefinity.com/mvc-cms
in brief - allows you to plug in standard system.web.mvc.controller classes as widgets, lets you use the API for anything including model binding, standard Razor for a view engine etc.
There is also Oxite which I believe is more of a blog engine.
Heve a look at AtomicCms it's a free open source content management system based on ASP.NET MVC 1.0
http://atomiccms.codeplex.com
Check for Orchard ;-)
It is based on asp.net mvc.
I'm creating an ASP.NET MVC site and I need to implement login and membership functionality.
Is this something where I roll my own? I already have a members table in my database, should I create a username and password hash field and just check against it? What about keeping the user logged in with a cookie that expires?
Is this an instance when you would use ASP.NET's built in Membership service?
ASP.NET MVC neophyte seeks help.
When you create a new ASP.NET MVC site, it already has membership built in. The CodePlex project mentioned in the other reply is only needed in special cases, namely:
You are using an early beta of the MVC framework, which doesn't have the membership feature.
You want to use an authentication system like OpenID, which isn't supported "out-of-the-box" with MVC.
You want membership administration features not included "out-of-the-box"
However, like I said, basic membership functionality is already present in an MVC site. Just add the [Authorize] attribute to any action requiring login. This is regular forms authentication, so you configured in Web.config like a non-MVC site (specifying the database, etc.; there's lots of information on the web about this).
A default MVC site will contain an "Account" controller and views which you can customize to fit your needs.
To answer the obvious question, no, you should not "roll your own." Even if you need custom authentication, it would be better to create a regular ASP.NET membership provider than to create an entirely new membership framework.
Update: The CodePlex project was updated to work with MVC 1.0
If you want to use something safe to start off with, either use the new project's template membership or consider using http://www.codeplex.com/MvcMembership.