Organizing a site Admin section - User section MVC
I’m building a site with ASP.NET MVC3 and would like you input on what’s the best approach to organizing the site’s sections. Is it better to have a different project for the admin part? So it could be available like admin.example.com. Or maybe just use some routing so the admin controllers go to www.example.com/admin/contr开发者_StackOverflow社区oller (using the Area feature)? Any thoughts? Are there any security implications to take into account?
Thanks!
I would put the admin section in its own area. If you then use the built in Membership and Role Provider functionality, you can use the Authorize
attribute on your controllers and/or action methods to restrict access to an administrator role. I don't think there's much to be gained by having a separate project.
As for security issues, make sure you are using HTTPS for anything that requires authentication. If you write your own membership provider, do not store passwords in plaintext. Use a cryptographic hash function like BCrypt. That's just the tip of the iceberg, there are plenty of other security topics here if you do a search.
I agree with Idsa that moving it to another project is possible, but doesn't really do anything for you. I would consider using an Area.
http://msdn.microsoft.com/en-us/library/ee671793.aspx
You can move it to another project or not (I wouldn't do it) but a special admin project won't solve rights separation problem: different parts of admin should be accessed by different users.
精彩评论