How to setup routing for my admin section in ASP.NET MVC?

Question

Normally my URLs look like the standard: www.example.com/controller/action

Now I want to setup my administration section like:

 www.example.com/admin/
 www.example.com/admin/user/list
 www.example.com/admin/content/add
etc.

So the format is: www.example.com/admin/controller/action

I can't seem to figure out how to setup the routes so it looks like the above.

Answer 1

You just need to map a new path with the 'admin' section hardcoded at the beginning of the route definition.

For example add this to your routes in RegisterRoutes in the Global.asax.cs file and make sure it appears above the default route (assuming you haven't added other routes):

routes.MapRoute(
    "Default",                                              
    "admin/{controller}/{action}/{id}",                     
    new { controller = "Home", action = "Index", id = "" } 
);

Note: the 'admin' part hardcoded at the start of the route definition.

Note 2: If you have added other routes beyond the default you will need to make sure your routes are ordered correctly.

Here is a link to a good blog post from Scott Guthrie regarding MVC routing: URL Routing

Answer 2

Kelsey's answer is right on the mark, but I wanted to add something to the discussion. Another option is to not actually have "admin" routes at all, but instead require admin authenticated sessions for actually accessing the restricted urls.

This is often how things are done in "traditional" RESTful applications. Your controller represents the type of resource you are manipulating, the action is the verb, and the id is the unique identifier for a specific member of that resource.

In other words, instead of having:

/content/list (for normal users)
/admin/content/add (for admins)

You would have

/content/list (for everyone)
/content/add (for admin, but must be authenticated to work)

Adding /admin/ to the URL doesn't really add any benifits (except perhaps that you can write your securing logic with just a single rule against anything under /admin), but the tradeoff is more complicated routes and breaking standard RESTful. Breaking standard practices isn't in of itself a bad thing, but you should consider that they are standard for a reason, and unless you have specific benefits for breaking them, you might consider adhering to them.

It should be noted that in both URL styles you need to be authenticating the user, otherwise anyone could use it.

In ASP.NET MVC, you can restrict access to actions (or even whole controllers) based on user level using ActionFilters. By decorating your admin-only actions with these filters, you can ensure only authenticated adminstrative users can actually use them.

Read Scott Gu's blog entry or Rob Connery's post for more information.