As for the PrinciplePermission attribute, it wouldn’t hurt to have a full solution for that, but I hadn’t planned on it. I do agree that it’s a bit more clean to apply the attribute see as changing your Routes would change your urls and, thus, the config authorization.

I’ll do what I can to post an example soon.

When I try to run my app, it goes into debug and stops on the User/Login.aspx and highlights the using statement and says that there is a NullReference exception. Its drving me nuts. Any ideas?

Also, I have done a bit of searching on this and I have also seen that you can use the PrinciplePermission attribute on the controllers themselves or in a base class or whatnot and I like this idea better as this means that you don’t have to use hard coded paths in the config file. Are you planning on updateing your example to use the new release?

Cheers
Dewy

if you ever stop by Copenhagen, Denmark – I owe you a beer!

It likely did create the database, but, initially, it’s not added to the project in the sense you may be expecting. The SQL Express MDF is likely just not “included” in the Visual Studio project. In the Solution Explorer, there is a button at the top called “Show All Files”. Click that and see if the ASPNETDB.mdf is not in the App_Data directory.

Any idea of what I might be doing wrong? It seems to by working on projects that are not MVC websites.

What’s the solution when we need to protect the URL like /Products/Edit/1 where “1″ is a productId?

Do you have a specific reason or example why you feel this doesn’t work as expected? You may wish to add the trailing slash.