how to rstrict a user to access a page according to privilege

Question

0.00/5 (No votes)

See more:

supposre student can acces student url and teacher can access teacher url if student paste the url directy he is able to go ito the teachers the page..how to restrict

how to rstrict the user that when he paste the teachers url it will redirect him to login page and vise versa

Posted 27-Jan-16 20:28pm

Member 11970398

Add a Solution

Comments

Sinisa Hajnal 28-Jan-16 2:40am

Have them login before they can access anything. If the user is not autheniticated, you redirect him to login page. After the login, you know who he is and can set the access rights.

Google "form authentification in mvc".

Member 11970398 28-Jan-16 2:45am

yeah i know that but only i have t write it web.config file or some where else

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Nathan Minier · Answer 1 · 2016-01-28T01:51:00

You're looking at the difference between Authentication and Authorization. What you're looking for is two things, first off using a Role Provider, and secondly using the AuthorizeAttribute.

The MS guidance on role Providers is here:
Implementing a Role Provider[^]

There is an article on CP that describes one possible implementation here:
ASP.NET MVC 5 Identity: Extending and Modifying Roles[^]

And finally, once you have a role provider, you can lock down items by controller or by action with the AuthorizeAttribute:

C#

[Authorize(Roles="Admin,User")]
public class AccountController : Controller
{
   [Authorize(Roles="Admin")]
   public ActionResult DeleteAccount(){...}

}