So far you’ve looked at the use of the AuthorizeAttribute to prevent anonymous access to a controller or controller action. However, as mentioned, you can also limit access to specific users or roles. A common example of where this is used is in administrative functions. After some work, your Music… Continue reading
For many sites, nearly the entire application should require authorization. In this case, it’s simpler to require authorization by default and make exceptions in the few places where anonymous access is allowed — such as the site’s home page and URLs required for the login process. For this case, it’s… Continue reading
The preceding scenario demonstrated a single controller with the AuthorizeAttribute applied to specific controller actions. After some time, you realize that the browsing, shopping cart, and checkout portions of your website each deserve separate controllers. Several actions are associated with both the anonymous Shopping Cart (view cart, add item to… Continue reading
The Intranet Application template (available in ASP.NET MVC 3 Tools Update and later) is very similar to the Internet Application template, with one exception: It replaces Forms Authentication with Windows Authentication. Because Registration and Log On with Windows Authentication are handled outside of the web application, this template doesn’t require… Continue reading
The Display attribute sets the friendly display name for a model property. You can use the Display attribute to fix the label for the FirstName field: [Required] [StringLength(160, MinimumLength=3)] [Display(Name=”First Name”)] public string FirstName { get; set; } In addition to the name, the Display attribute enables you to control… Continue reading
The primary side effect of model binding is model state (accessible in a Controller-derived object using the ModelState property). Not only does model state contain all the values a user attempted to put into model properties, but model state also contains all the errors associated with each property (and any… Continue reading
The Range attribute specifies minimum and maximum constraints for a numerical value. If the Music Store only wanted to serve middle-aged customers, you could add an Age property to the Order class and use the Range attribute as in the following code: [Range(35,44)] public int Age { get; set; }… Continue reading
Some properties of Order require more than a simple presence or length check. For example, you’d like to ensure the Email property of an Order contains a valid, working e-mail address. Unfortunately, it’s practically impossible to ensure an e-mail address is working without sending a mail message and waiting for… Continue reading
You’ve forced the customer to enter his name, but what happens if he enters a name of enormous length? Wikipedia says the longest name ever used belonged to a German typesetter who lived in Philadelphia. His full name is more than 500 characters long. Although the .NET string type can… Continue reading
Because you need the customer to give you his fi rst and last name, you can decorate the FirstName and LastName properties of the Order model with the Required attribute: [Required] public string FirstName { get; set; } [Required] public string LastName { get; set; } [Required(ErrorMessage = “Nick name… Continue reading