How to setup routing for my admin section in ASP.NET MVC?
https://stackoverflow.com/questions/1400935
-
05-07-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Normally my URLs look like the standard: www.example.com/controller/action
Now I want to setup my administration section like:
www.example.com/admin/ www.example.com/admin/user/list www.example.com/admin/content/add etc.
So the format is: www.example.com/admin/controller/action
I can't seem to figure out how to setup the routes so it looks like the above.
Solution
You just need to map a new path with the 'admin' section hardcoded at the beginning of the route definition.
For example add this to your routes in RegisterRoutes in the Global.asax.cs file and make sure it appears above the default route (assuming you haven't added other routes):
routes.MapRoute(
"Default",
"admin/{controller}/{action}/{id}",
new { controller = "Home", action = "Index", id = "" }
);
Note: the 'admin' part hardcoded at the start of the route definition.
Note 2: If you have added other routes beyond the default you will need to make sure your routes are ordered correctly.
Here is a link to a good blog post from Scott Guthrie regarding MVC routing: URL Routing
OTHER TIPS
Kelsey's answer is right on the mark, but I wanted to add something to the discussion. Another option is to not actually have "admin" routes at all, but instead require admin authenticated sessions for actually accessing the restricted urls.
This is often how things are done in "traditional" RESTful applications. Your controller represents the type of resource you are manipulating, the action is the verb, and the id is the unique identifier for a specific member of that resource.
In other words, instead of having:
/content/list (for normal users)
/admin/content/add (for admins)
You would have
/content/list (for everyone)
/content/add (for admin, but must be authenticated to work)
Adding /admin/ to the URL doesn't really add any benifits (except perhaps that you can write your securing logic with just a single rule against anything under /admin), but the tradeoff is more complicated routes and breaking standard RESTful. Breaking standard practices isn't in of itself a bad thing, but you should consider that they are standard for a reason, and unless you have specific benefits for breaking them, you might consider adhering to them.
It should be noted that in both URL styles you need to be authenticating the user, otherwise anyone could use it.
In ASP.NET MVC, you can restrict access to actions (or even whole controllers) based on user level using ActionFilters. By decorating your admin-only actions with these filters, you can ensure only authenticated adminstrative users can actually use them.
Read Scott Gu's blog entry or Rob Connery's post for more information.
As of MVC Version 2 they have added the 'area' concept which allows you to do this properly :) Here is ScottGu's post about MVC 2 Preview.
