Require authorization within whole ASP .NET MVC application

Total Post:104

 1229  View(s)
Rate this:

I create application where every action beside those which enable login should be out of limits for not logged user.

Should I add [Authorize] annotation before every class' headline? Like here:

namespace WebApplication2.Controllers {
    public class HomeController : Controller {    
        public ActionResult Index() {
            return View();
        public ActionResult About() {
            ViewBag.Message = "Your application description page."; 
            return View();
        public ActionResult Contact() {
            ViewBag.Message = "Your contact page.";
            return View();

or there is a shortcut for this? What if I want to change rules for one and only action in particular controller?

  1. Post:89

    Re: Require authorization within whole ASP .NET MVC application

    Simplest way is to add Authorize attribute in the filter config to apply it to every controller.

    public class FilterConfig
        public static void RegisterGlobalFilters(GlobalFilterCollection filters)
            filters.Add(new HandleErrorAttribute());
            //Add this line
            filters.Add(new AuthorizeAttribute());

    Don't forget to add AllowAnonymous attribute when you need it to be accessible to non-logged in users.

      Modified On Apr-07-2018 06:59:02 AM