AuthorizeAttribute MVC, restricted based on user types? - authentication

Is there a way to use the AuthorizeAttribute to restrict access based on user type? I have an admin login and an intern login.
As of right now, both of these logins will show all tabs on my admin page. What I want is to restrict the # of tabs that the intern login sees.
Can I use the AuthorizeAttribute to do that? Please advise.
Many thanks

The AuthorizeAttribute is placed on controller or action methods to prevent them from executing for unauthorized individuals.
In your case, what you want to do is prevent a menu from being displayed based on the type of users.
For this, you would use Roles that determine what permissions each user has.
Then on the view, you would use the User.IsInRole("roleName") to determine if they are in the role and act accordingly.
For instance, here is how you would only show the "Manage Users" menu item to an admin:
@if (User.IsInRole("Admin"))
{
    <li>Manage Users</li>
}
Also, in the Users action method, you would decorate it with the AuthorizeAttribute to prevent users that are not in the "Admin" role from accessing the page.
[Authorize(Roles = "Admin")]
public ActionResult Users()
{
    // Only users in the "Admin" role reach this point.
    //...
}

Related

Django - How to redirect to particular page after login using Django Panel Login functionality

I am using a class-based view, and in this particular form (based on FormView) I want to restrict access to logged-in users only. It somehow works, but after the user gives login / password I want to go back, i.e. redirect to a particular site, for example one named "my_form" or another (it could be the home page); in this case, however, after login Django Admin shows. I need its functionality only for login and I want to go back to the desired location, the 'my_form' page.
How can I achieve this? I don't want decorators here, as I want to use this special Mixin.
from django.contrib.auth.mixins import LoginRequiredMixin
from django.views.generic import FormView

class EmployeeLocationFormView(LoginRequiredMixin, FormView):
    login_url = 'admin:login'
    redirect_field_name = 'my_form'

How to have 2+ AdminControllers for 1 Plugin

I have 2 Admin controllers.
PostController
CategoriesController
How can I create them inside the Blog plugin, if I want? Can a plugin have more than one controller, Admin or Public?
I tried to create PostAdminController and extend AdminController, but I don't know how to call it like
?aa=Post.index
There are three controllers that are available by default:
AdminController
SiteController
PublicController
If you want more controllers, use routes (http://www.impresspages.org/docs/routing) but then you have to do security checks on your own:
\Ip\Internal\Admin\Backend::userId() //check if admin is logged in
ipAdminPermission($plugin) //check if current admin has right to access plugin.

two database and two login url in mvc 4

I'm very new to MVC 5 and other MVC.
I created a web app in VS2013, but for login and membership I used MVC4 methods.
I want to have two different databases for Admins and usual Users.
For some controllers of my project I put
[Authorize(Roles = "Admin")]
[InitializeAdminMembership]
(only accessible by Admin)
and for some others I put
[Authorize(Roles = "User")]
[InitializeSimpleMembership]
When an unauthenticated user wants to access the first one, they should be redirected to the login page for Admin, and for the second one they should be redirected to the login page for Users.
I put this in web.config:
<appSettings>
    <!-- removed for clarity -->
    <add key="LoginUrl" value="~/Admin/Login"/>
    <add key="LoginUrl" value="~/User/Login"/>
</appSettings>
but only one of the <add ..../> entries works.
Given the 2 separate databases (Admin and usual User), how can I redirect unauthenticated people to the appropriate login page?
In other words, how can I have two login URLs? Is that possible?
Thanks, everybody.
You need to create your own custom action filter attribute, which is called whenever an action is called. In it you will check the role of the logged-in user and check whether the action that the user is trying to access is for admin; if it is for admin, redirect to the admin login action, else allow access to the action.
Here are the reference links:
http://www.asp.net/mvc/tutorials/hands-on-labs/aspnet-mvc-4-custom-action-filters
http://msdn.microsoft.com/en-us/library/dd410209%28v=vs.100%29.aspx
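
One way to build the filter described in the answer above is to subclass AuthorizeAttribute and override HandleUnauthorizedRequest, so each controller names its own login page. This is an added example, not code from the original answer; the attribute name, the LoginUrl property and both controllers are hypothetical, and it covers only the login redirect, not the two membership databases.

```csharp
using System.Web;
using System.Web.Mvc;

// Hypothetical attribute: an AuthorizeAttribute that carries its own login URL,
// so anonymous visitors are sent to a different login page per area.
public class AuthorizeWithLoginAttribute : AuthorizeAttribute
{
    // App-relative login URL, e.g. "~/Admin/Login" or "~/User/Login".
    public string LoginUrl { get; set; }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var httpContext = filterContext.HttpContext;

        if (httpContext.User.Identity.IsAuthenticated)
        {
            // Signed in but lacking the required role: answer 403 instead of
            // sending an already authenticated user back to a login page.
            filterContext.Result = new HttpStatusCodeResult(403);
            return;
        }

        // Anonymous: redirect to this attribute's login page. RawUrl is the
        // path and query of the current request, so returnUrl stays local;
        // the login action should still validate it with Url.IsLocalUrl.
        var login = VirtualPathUtility.ToAbsolute(LoginUrl ?? "~/User/Login");
        var returnUrl = HttpUtility.UrlEncode(httpContext.Request.RawUrl);
        filterContext.Result = new RedirectResult(login + "?returnUrl=" + returnUrl);
    }
}

// Hypothetical controllers showing the two login targets from the question.
[AuthorizeWithLogin(Roles = "Admin", LoginUrl = "~/Admin/Login")]
public class AdminDashboardController : Controller
{
    public ActionResult Index() { return View(); }
}

[AuthorizeWithLogin(Roles = "User", LoginUrl = "~/User/Login")]
public class AccountController : Controller
{
    public ActionResult Index() { return View(); }
}
```

Because the filter sets a redirect result itself instead of returning 401, the single loginUrl configured for Forms authentication is never consulted for these controllers.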

How to check if user has different role in mvc

I am working on an MVC4 project. My application has 3 different roles.
1. Admin
2. User
3. Superadmin
When an admin logs in, if he types a user page name directly in the URL, he is able to see the user page also.
So how do I restrict a role to see only its own pages?
I mean admin can see only admin pages, user can see only user pages, etc.
If you're using the inbuilt role and membership providers, you simply have to use the authorize attribute:
[Authorize(Roles = "Admin")]
This can be attached to a controller or action.
Use the authorize attribute on the action as below.
[Authorize(Roles = Roles.Admin)]

Play Framework: how to auto-login with Secure module upon user registration?

I am using Play Framework 1.2.4
My main controller is protected with the "secure" module.
Now, I need to add a process to register a new user for the system. I implement it in another controller. Assuming the registration process is successful, I would like to display the "home page" for the newly created user, without asking to type username / password again.
How to achieve that?
A bit of "simplified" code:
In the Registration controller:
public static void newUser(String username, String password, String fullname)
{
    User user = new User(username, password, fullname);
    user.save();
    // What is the trick to avoid login being displayed???
    MainController.index();
}
MainController is using the "secure" module.
Thanks for any hint,
Max
Well, looks like the answer is here:
How to use play frameworks Secure module to login a user after that user has been created
I found it after I posted.
Max