forum

Home / DeveloperSection / Forums / Require authorization within whole ASP .NET MVC application

Ask Question

Require authorization within whole ASP .NET MVC application

marcel ethan 1951 15-Jan-2015

I create application where every action beside those which enable login should be out of limits for not logged user.

Should I add [Authorize] annotation before every class' headline? Like here:

namespace WebApplication2.Controllers {
[Authorize]
    public class HomeController : Controller {    
        public ActionResult Index() {
            return View();
        } 
        public ActionResult About() {
            ViewBag.Message = "Your application description page."; 
            return View();
        } 
        public ActionResult Contact() {
            ViewBag.Message = "Your contact page.";
 
            return View();
        }
    }
}

or there is a shortcut for this? What if I want to change rules for one and only action in particular controller?

asp.net c#  asp.net mvc  mvc5  authorization 
Updated on 15-Jan-2015
marcel ethan

marcel ethan

Follow

Can you answer this question?

Answer

1 Answers

Takeshi Okada

Takeshi Okada

15-Jan-2015

Simplest way is to add Authorize attribute in the filter config to apply it to every controller.

public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());
 
        //Add this line
        filters.Add(new AuthorizeAttribute());
    }
}

Don't forget to add AllowAnonymous attribute when you need it to be accessible to non-logged in users.

Liked By