Multi User App with MVC3, ASP.NET Membership - User Authentication/ Data Separation -

-

i'm building simple multi-user (multi-tenant?) app asp.net mvc3 , ef4, 1 database, 1 code base, users access app using same url. once user logged in should have access data, i'm using default asp.net membership provider , have added ‘userid’ guid field on each of data tables. don't want user have access user b’s data have been adding following every action on controllers.

public actionresult editstatus(int id)     {         if (!request.isauthenticated)             return redirecttoaction("index", "home");          var status = sservice.getstatusbyid(id);          // check if logged in user has access status         if (status.userid != getuserid())             return redirecttoaction("index", "home");     .     .     .     }      private guid getuserid()     {         if (membership.getuser() != null)         {             membershipuser member = membership.getuser();             guid id = new guid(member.provideruserkey.tostring());             return id;         }         return guid.empty;     }

this repetition feeling wrong , there must more elegant way of ensuring users can't access each other's data – missing?

what missing?

a custom model binder:

public class statusmodelbinder : defaultmodelbinder {     public override object bindmodel(controllercontext controllercontext, modelbindingcontext bindingcontext)     {         // fetch id routedata         var id = controllercontext.routedata.values["id"] string;          // todo: use constructor injection pass service here         var status = sservice.getstatusbyid(id);          // compare whether id passed in request belongs          // logged in user         if (status.userid != getuserid())         {             throw new httpexception(403, "forbidden");         }         return status;     }      private guid getuserid()     {         if (membership.getuser() != null)         {             membershipuser member = membership.getuser();             guid id = new guid(member.provideruserkey.tostring());             return id;         }         return guid.empty;     } }

and register model binder in application_start:

// use constructor injection pass repository model binder modelbinders.binders.add(typeof(status), new statusmodelbinder());

and finally

// authorize attribute ensures user authenticated.  // if want redirect /home/index in original // example if user not authenticated write custom // authorize attribute , job there [authorize] public actionresult editstatus(status status) {     // if got far means user has access resource     // todo: status , return view     ... }

conclusion: we've put controller on diet way controllers should :-)


Comments

Post a Comment

Popular posts from this blog

c# - How to set Z index when using WPF DrawingContext? -

-
how set z-index drawing object when using drawingcontext.drawxxx() methods? the object drawn last have higher z index. can't change index of drawn objects. way draw in order. if using wpf (as placed tag), can use, example, canvas control. create shapes need like polyline obj = new polyline(); //... // ... set properties of obj and add them canvas uielementcollection: yourcanvasname.children.add(obj); //or yourcanvasname.children.insert(i, obj); first items of collection have higher z index. advantages in way: no need redraw on window changes, can anytime move objects , change order.
Read more

razor - Is this a bug in WebMatrix PageData? -

-
i think may have found bug in webmatrix's pagedata, not sure. concerns how pass data partial page calling page. in webmatrix documentation (tutorials, e.g. " 3 - creating consistent look ", , example code), pagedata recommended mechanism pass data between pages (e.g. content page layout page, or partial page). however have found not work other way, pass data partial page calling page. modifying or adding entries in pagedata in partial page, not seem calling page. cutting right down simplest possible example, in test page may have this: @{ pagedata["test"] = "initial entry"; } <p>before calling partial page, test value @pagedata["test"]</p> @renderpage("_testpartial.cshtml") <p>after returning calling page, test value @pagedata["test"]</p> and in _testpartial.cshtml page might have this: @{ pagedata["test"] = "modified entry"; } <p>in partial page...
Read more

visual c++ - Using relative values in array sorting ( asm ) -

-
i need sort through array , sort each individual row in array in ascending order. doesn't seem going (surprise!) keep getting hit 2 errors: a2101: cannot add 2 relocatable labels , a2026: constant expected here's sort, makes sense me, think i'm still trying implement high-lvl language techniqes assembly. there way around not being able use relative values? (the array 7 rows 9 columns, btw). mov cx, 7; cx = number of rows outer: ; outer loop walk through rows push cx mov cx, 9 mov row, cx ;rows middle: ; middle-loop walk through columns push cx sub cx, 1 ;cx = cx-1 mov column, cx ;columns inner: ;inner loop - compare , exchange column values cmp marray[row*9 + column], marray[row*9 + column+1] xchg marray[row*9 + column+1], marray[row*9 + column] ; compare , exchange values marray table inc column loop inner pop cx loop mid...
Read more