REQUIRE AUTHORIZATION WITHIN WHOLE ASP .NET MVC APPLICATION

marcel ethan

Total Post:104

Points:728
Posted by  marcel ethan
 1018  View(s)
Ratings:
Rate this:

I create application where every action beside those which enable login should be out of limits for not logged user.

Should I add [Authorize] annotation before every class' headline? Like here:

namespace WebApplication2.Controllers {
[Authorize]
    public class HomeController : Controller {    
        public ActionResult Index() {
            return View();
        } 
        public ActionResult About() {
            ViewBag.Message = "Your application description page."; 
            return View();
        } 
        public ActionResult Contact() {
            ViewBag.Message = "Your contact page.";
 
            return View();
        }
    }
}

or there is a shortcut for this? What if I want to change rules for one and only action in particular controller?

  1. Takeshi Okada

    Post:89

    Points:629
    Re: Require authorization within whole ASP .NET MVC application

    Simplest way is to add Authorize attribute in the filter config to apply it to every controller.

    public class FilterConfig
    {
        public static void RegisterGlobalFilters(GlobalFilterCollection filters)
        {
            filters.Add(new HandleErrorAttribute());
     
            //Add this line
            filters.Add(new AuthorizeAttribute());
        }
    }

    Don't forget to add AllowAnonymous attribute when you need it to be accessible to non-logged in users.

      Modified On Apr-07-2018 06:59:02 AM

Answer

NEWSLETTER

Enter your email address here always to be updated. We promise not to spam!