Need an Asp.net MVC Application solution


Need an Asp.net MVC Application solution



I have implemented a small ordering and stock control system (for internal using) with the MVC 2 framework. Now my friends, they want to have a website to present the existing products for their customers. I know, I know they will ask me to do this one day. So in the beginning, I have made the controller name to start with "Admin". But now I am not sure the best way to implement their requirements. Could you advise me?

1.For the security reason, I did not allowed anonymous user to access the website a part from the CSS and image files. My question is the controllers' name are not folders' name, how could I set this up?

<!--Only allow the anonymous users to access the content folder--> <location path="Content"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> 

2.I'm planning to put the admin section into an "area" and will it be a good way to go? Can anyone provide me some suggestions.

Many thanks.

controller view


what is the optimal database connection strategy

1:

Working with images in asp.net MVC ViewMasterPage in design mode
MVC use routing to serve the requests. Should I dive into ASP.NET MVC or start with ASP.NET Webforms?There is no folder to control access rights. ASP.NET MVC Cookie loses value when page is changedInstead you must use Attrialthough es on top of controllers, or on top of action methods. Disable cache in Silverlight HttpWebRequest . How do I display the duration it took to generate a page in a pages footer? I see you have a base controller, you could decorate your base controller with the appropriate Authorize attrialthough e.... Additional information in ASP.Net MVC View I don't agree with Buu around Areas. Facebook IFrame Application issues for certain usersI think this areas to separate the section of a website makes the project structure easier to understand. It will also let you place the routing configuration inside their area instead of having everything in your global.asax. I think it's worth it even before you have a lot of views. Admin/Public is a classic case.. follow the link from Buu...

2:

  1. If the built-in Authorize filter doesn't job for you, you must always implement a custom authorization filter. .
  2. If you have a large project (hundreds of views), then yes, I did think using areas is a good idea..

3:

Personally, I'd create a completely different website to handle public access. Best way to secure a view is to not have it in the first place.. Second option would be to create two areas, Internal and Public. You must secure each by dropping a web.config within each area folder, the one in Public allowing for anonymous access and the one in Internal restricting access to people logged into your office domain.. Third option is to perform security culling in your controller methods. This would require lots of job and would be a good idea to did this anyhow, although realize a bug here means you have a vulnerability in your system. .


57 out of 100 based on 52 user ratings 567 reviews

@