REQUIRE AUTHORIZATION WITHIN WHOLE ASP .NET MVC APPLICATION

marcel ethan

Total Post:105

Points:735
Posted by  marcel ethan
 876  View(s)
Ratings:
Rate this:

I create application where every action beside those which enable login should be out of limits for not logged user.

Should I add [Authorize] annotation before every class' headline? Like here:

namespace WebApplication2.Controllers {

[Authorize]

    public class HomeController : Controller {

 

 

 

 

        public ActionResult Index() {

            return View();

        }

 

        public ActionResult About() {

            ViewBag.Message = "Your application description page.";

 

            return View();

        }

 

        public ActionResult Contact() {

            ViewBag.Message = "Your contact page.";

 

            return View();

        }

    }

}

or there is a shortcut for this? What if I want to change rules for one and only action in particular controller?

  1. Takeshi Okada

    Post:89

    Points:629
    Re: Require authorization within whole ASP .NET MVC application

    Simplest way is to add Authorize attribute in the filter config to apply it to every controller.

    public class FilterConfig

    {

        public static void RegisterGlobalFilters(GlobalFilterCollection filters)

        {

            filters.Add(new HandleErrorAttribute());

     

            //Add this line

            filters.Add(new AuthorizeAttribute());

        }

    }

    Don't forget to add AllowAnonymous attribute when you need it to be accessible to non-logged in users.

Answer

NEWSLETTER

Enter your email address here always to be updated. We promise not to spam!