SportsStore: Security & Finishing Touches

In the previous chapter, I added support for administering the SportsStore application, and it will not have escaped your attention that anyone could modify the product catalog if I deployed the application as it is. All they would need to know is that the administration features are available at the Admin/Index URL. In this chapter, I am going to show you how to prevent unauthorized users from using the administration functions by password-protecting access to the entire Admin controller. Once I have the security in place, I will complete the SportsStore app by adding support for product images. This may seem like a simple feature, but it requires some interesting MVC techniques.