(Note: This blog post was originally published under my old domain(codesmiles.com), here. Web Archive link. Recently I was going through an ASP.NET MVC web application’s source and noted that in some of the Controllers all of its Actions required authorization to access them. So Authorize attribute was added to all of the actions in the controller, as shown below . public class AdminSettingsController : Controller { // // GET: /AdminSettings/ [Authorize] public ActionResult Index() { return View(); } // // GET: /AdminSettings/Details/5 [Authorize] public ActionResult Details(int id) { return View(); } // // GET: /AdminSettings/Create [Authorize] public ActionResult Create() { return View(); } // // GET: /AdminSettings/Edit/5 [Authorize] public ActionResult Edit(int id) { return View(); } // // GET: /AdminSettings/Delete/5 [Authorize] public ActionResult Delete(int id) { return View(); } } But if all of the controller’s actions need authorization then you can add [Authorize] attribute to the entire Controller itself. Doing this would avoid room for errors, as you may miss to add the Authorize attribute to individual actions and that could become a security vulnerability. Below you can see I have removed the Authorize attribute from individual actions. [Authorize] public class AdminSettingsController : Controller { // // GET: /AdminSettings/
Tag: ASP.NET
A little less cared ASP.NET’s NestedMasterPage
(Note: This blog post was originally published under my old domain(codesmiles.com), here. Web Archive link. I have seen developers using user controls which will show and hide sections of site content based on the state of the web site. This is fine for some extent, you know when it becomes bad ? It becomes bad when only user controls are used even for site layout related stuff. ASP.NET’s NestedMasterPage is a great thing, that, I should admit, I myself started using only recently earlier I was using other ways to display a set of pages in different layout in a website. NestedMasterPage is a master page which is based on another master page, you can have as many levels of nesting as you wish, as far as you don’t confuse yourself. You create a NestedMasterPage based on which other normal ASP.NET pages will be created. You can have a Main master page in which a website’s most common UI elements are present and create NestedMasterPages for different areas of a site like subsections of a site like web interface for post Member login, etc. Below is a simple depiction of what could be done with a NestedMasterPage in ASP.NET web
New ASP.NET project gives a great webapp template in Visual Studio 2010
(Note: This blog post was originally published under my old domain(codesmiles.com), here. Web Archive link. (This post is part of Visual Studio 2010 series) When you create a new ASP.NET web application in Visual Studio 2010, you are getting a project which has a good set of features built into it for you to get started quickly. In previous versions of Visual Studio, when you create a new ASP.Net project, you just get one .aspx page with a web.config file. (Visual Studio 2010’s solution explorer showing the contents of a just created Web Application project) Visual Studio 2010’s new project template has the following.. Master page – with menu, login view control, etc., has good div based layout with nicely used css styles. Along with two files based on master page(Default.aspx & About.aspx). Stylesheet – with styles for most elements your web pages will be designed with, that you can customize as you wish Forms authentication enabled – provides you with .aspx pages which implements forms authentication, like, login, register new user and change password, with necessary configurations in web.config Web.config file with Debug and Release versions, including sample Web.config transformations that you most probably need Web.config readily configured