ASP.Net MVC3 Custom Membership | AuthorizeAttribute Tutorial

wpftutorial
wpftutorial
18,020
0
Published 2012-01-24
I show you how to use a custom AuthorizeAttribute to secure your MVC3 application using custom roles in your own database schema.
All Comments (19)
  • @alexandermask4385
    This is an extremely helpful tutorial with very concise instructions on implementing Roles and authentication. I really appreciate it.
  • @mathor
    thanks, exactly what i was looking for.
  • @MrLukezorz
    Thanks for the tutorial in regards to the safety issues regarding the email you can always use the guid id of the user which is logged for the cookies, but anyway doubt that's much of a concern to you, thanks again.
  • @onlyice
    Really thanks for this video, I was looking for a solution has 2 days...
  • @beantownace
    Also a follow-up to the IsInRole question is, in this case without using a custom role provider you are not caching the roles in a cookie so I assume the database gets hit everytime you make an authorize correct?
  • @screwthisite
    What is the color theme on your visual studio? It is v. good
  • @dtjmsy
    great tutorial, it is exactly that I am looking for, is there a way I can download the code from the tutorial ?
  • @beantownace
    One question I have is this is great but will this work with the IsInRole say if you want to use some Razor syntax to disable something etc? Currently I have wired a custom role provider and custom membership provider then in my BaseController I use the OnAuthorization check against membership then if the ValidateUser comes back as true it gets into my Custom Role Provider I defined in my web.config. However, lots of not implemented methods of course so ugly.
  • @aidejiushini
    Is there any way that I can download it? the tutorial is very usefule! thanks a lot
  • @wpftutorial
    @dtjmsy Unfortunately I can't upload the code as is, due to it being work related.
  • @screwthisite
    Hi, I made changes in Filters/RoleAttribute  Should I register that somewhere like Global.asax?
  • @ThisNameNowTakenIs
    Isn't this highly unsafe? What if I were to change modify the cookie to an e-mail adress that is used by an administrator. It will give me full access to your site.