ASP.NET MVC EF Securing Controllers

Question

I'm having some troubles determining what is the best practice to secure routes in .NET using EF7 and MVC. I have my own table Roles (so I'm not using the AspNetRoles).

Is the correct approach to (in my Commoncontroller) make something according to this:

public class AuthorizeAllExceptAdmin : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    return !httpContext.User.IsInRole(Constants.ROLES_ADMINISTRATOR);
}
}

(this comming from: ASP .NET MVC Securing a Controller/Action).

Or how is it done? I've trying to read up a little, but I couldn't really find a valid answer.

Also, the post above is a little bit old, so can I still use that?

Thank you

Which version of MVC are you using? – daisy Dec 29 '15 at 09:55 — daisy, Dec 29 '15 at 09:55
I'm sorry, I'm actually using MVC6. – user3634184 Dec 29 '15 at 14:57 — user3634184, Dec 29 '15 at 14:57

score -1 · Answer 1 · answered Dec 29 '15 at 10:04

-1

You seems to be on the right track, see if this can help you, http://www.codeproject.com/Articles/288631/Secure-ASP-NET-MVC-applications#Create

answered Dec 29 '15 at 10:04

daisy

247
1
5
16

1

Hi. Just posting links to external resources is not really wanted on StackOverflow (The url can become invalid, be outdated etc..) It's better to post a snippet or explain the solution. – gsharp Dec 29 '15 at 10:18
Hmmn, I keep having troubles with even adding the [Authorize] filter to my controllers. They are not recognized (and even after adding a lot of namespaces, I can't seem to find the correct one). – user3634184 Dec 29 '15 at 13:04
Hey, can you look at this link if it's helpful to you: (http://stackoverflow.com/questions/31464359/custom-authorizeattribute-in-asp-net-5-mvc-6) – daisy Dec 29 '15 at 16:21

ASP.NET MVC EF Securing Controllers

1 Answers1