Asp.net MVC Secure Area

I'm just starting a new project in MVC and I need to have a backend that has restricted access.

I was going to set up a group in Active Directory for users who have access rights and use the Authorize attribute on the backend controller to restrict access. I will also enable Windows authentication.

I was just wondering if that would be secure enough for an external facing website for a small to medium site?

Thanks

Jemes


I see no reason not to use the built-in providers.

Not sure what else to say :)


It should be OK, but do remember MVC supports RESTful URLs; do go through this link

http://www.infoq.com/articles/roa-resource-metadata to avoid pages not being accessed by other users, as getting a URI is easier in REST.


I know this is pointing out the obvious but depending on the sensitivity of the data you might want to look at running the protected parts of your site under SSL?

Additionally depending on your specific needs you might want to look at using IIS to lock down the folder(s) to a set IP address range?


I am assuming that if I did follow the security steps above, a user could still access my views in the backend if they guess the URL. Does the Authorize attribute work on Views?
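
The setup discussed in this thread (Windows authentication, an Active Directory group, the Authorize attribute on the backend controller, and SSL), as an added example that is not part of the original posts. The group name `CONTOSO\BackendAdmins` and the class names are hypothetical, and it assumes ASP.NET MVC 3 or later on System.Web with `<authentication mode="Windows" />` set in web.config.

```csharp
// Added example; CONTOSO\BackendAdmins, BackendAuthorizeAttribute,
// BackendControllerBase and BackendController are hypothetical names.
using System.Web.Mvc;

namespace ExampleSite.Controllers
{
    // Authorize variant for Windows authentication: a signed-in user who is
    // not in the group gets 403 instead of 401, so the browser does not keep
    // re-prompting for credentials that are valid but not permitted.
    public class BackendAuthorizeAttribute : AuthorizeAttribute
    {
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            {
                filterContext.Result = new HttpStatusCodeResult(403);
            }
            else
            {
                // Not authenticated yet: keep the default 401 challenge.
                base.HandleUnauthorizedRequest(filterContext);
            }
        }
    }

    // Attributes on the base class apply to every action of every backend
    // controller deriving from it, so a new action cannot be left unprotected.
    // With Windows authentication, Roles is checked against Windows/AD groups.
    [RequireHttps]
    [BackendAuthorize(Roles = @"CONTOSO\BackendAdmins")]
    public abstract class BackendControllerBase : Controller
    {
    }

    public class BackendController : BackendControllerBase
    {
        // GET /Backend
        // The filters run before the action, so the view below is rendered
        // only for group members. In the default project template, files under
        // ~/Views are not served directly (Views/web.config blocks them), so a
        // view is reached only through an action like this one.
        public ActionResult Index()
        {
            return View();
        }
    }
}
```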
