The problem now is that any user can reach our book management page through the StoreManager controller. Next, let's add permission settings so that only administrators can access the page.
7.1 Adding the Account Controller and Views
In ASP.NET MVC 3, one of the differences between the full Web application template and the empty Web application template is that the empty template does not include the Account (user account) controller. Our approach is to create a throwaway application from the full ASP.NET MVC 3 Web Application template and copy some files from it.
Create an ASP.NET MVC 3 Web application from the full template, and then copy the following files to the same locations in our application.
1. Copy the AccountController.cs to the Controllers folder.
2. Copy the AccountModels.cs to the Models folder.
3. Create an Account folder under the Views folder and copy into it the four view template files from the Account folder of the new application.
After the copy is complete, Solution Explorer should look as shown in Figure 7-1.
Figure 7-1 Solution Explorer after the file copy is complete
Modify the namespaces in the AccountController.cs and AccountModels.cs files: change the namespace in AccountController.cs to MvcBookStore.Controllers, and the namespace in AccountModels.cs to MvcBookStore.Models.
7.2 Adding an Administrator with the ASP.NET Configuration Website
Before we can check that the visiting user is an administrator, we first need to create an administrator user. The simplest way to do that is to use the built-in ASP.NET configuration website.
Click the icon in Solution Explorer shown in Figure 7-2 to open the ASP.NET configuration website.
Figure 7-2 Click the icon to open the ASP.NET configuration website
Once the site opens, click the "Security" tab on the home page, then click the "Enable Roles" link, as shown in Figure 7-3.
In VS2012, click Project -> ASP.NET Configuration to open the ASP.NET Web Site Administration Tool page.
Figure 7-3 Enabling roles in the ASP.NET configuration website
Click the "Create or Manage Roles" link, as shown in Figure 7-4.
Figure 7-4 Creating a role in the ASP.NET configuration website
Enter the role name "Administrator" in the New Role Name text box and click the "Add Roles" button, as shown in Figure 7-5.
Figure 7-5 Adding the Administrator role in the ASP.NET configuration website
Click the "Back" button, then click the "Create user" link on the left, as shown in Figure 7-6.
Figure 7-6 Creating a user in the ASP.NET configuration website
Fill in the text boxes on the left with the values shown in the following table.
| Text box | Value |
|---|---|
| User Name | Admin |
| Password | password& |
| Confirm Password | password& |
| E-Mail | (fill in an email address) |
| Security Question | (fill in any content) |
| Security Answer | (fill in any content) |
Select the Administrator role for this user, and then click the "Create User" button, as shown in Figure 7-7.
Figure 7-7 Creating a user in the ASP.NET configuration website
At this point, you will see a message indicating that the user has been created successfully.
Figure 7-8 Message indicating that the user was created successfully
Now you can close this browser window.
7.3 Role-based user authentication
Now we can use the [Authorize] attribute to restrict access to the StoreManager controller to administrators only. The code is shown below.
[Authorize(Roles = "Administrator")]
public class StoreManagerController : Controller
{
    // Controller code here
}
Note that the [Authorize] attribute can be applied to an entire controller or to a single action method in a controller.
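The following is an added example, not code from the original tutorial. It shows the action-level form of [Authorize] next to a reflection check that lists any action left open to non-administrators. CatalogController and AuthorizeAudit are hypothetical names introduced for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

namespace MvcBookStore.Controllers
{
    // Hypothetical controller: only Edit is restricted, Browse stays public.
    public class CatalogController : Controller
    {
        public ActionResult Browse() { return View(); }

        [Authorize(Roles = "Administrator")]
        public ActionResult Edit(int id) { return View(); }
    }

    // Hypothetical audit helper, e.g. called from a unit test.
    public static class AuthorizeAudit
    {
        // True when the attribute admits exactly one role and it is `role`.
        // Roles is a comma-separated list and any listed role is let in, so
        // "Administrator,Editor" does not count as administrator-only.
        static bool RestrictsTo(AuthorizeAttribute attr, string role)
        {
            var roles = (attr.Roles ?? "").Split(',')
                .Select(r => r.Trim()).Where(r => r.Length > 0).ToList();
            return roles.Count == 1 &&
                   string.Equals(roles[0], role, StringComparison.OrdinalIgnoreCase);
        }

        static bool IsRestricted(MemberInfo member, string role)
        {
            return member.GetCustomAttributes(typeof(AuthorizeAttribute), true)
                .Cast<AuthorizeAttribute>().Any(a => RestrictsTo(a, role));
        }

        // Public actions that neither the class nor the method restricts to `role`.
        public static IList<string> UnrestrictedActions(Type controller, string role)
        {
            if (IsRestricted(controller, role)) return new List<string>();
            return controller
                .GetMethods(BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly)
                .Where(m => !m.IsSpecialName && !m.IsDefined(typeof(NonActionAttribute), true))
                .Where(m => !IsRestricted(m, role))
                .Select(m => m.Name).ToList();
        }
    }
}
```

Calling AuthorizeAudit.UnrestrictedActions(typeof(CatalogController), "Administrator") reports Browse, while a controller decorated at class level, like StoreManagerController above, reports nothing. Actions inherited from a base controller are not inspected because of BindingFlags.DeclaredOnly.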
Now when you access the "/storemanager" URL, a login dialog box appears first, as shown in Figure 7-9.
Figure 7-9 Accessing the StoreManager controller first requires a login
Log in as the user we created, and you will then see the book list page.