I'm creating a web application using ASP.NET MVC 4 and C#.
I want all users to be logged in before using application.
I'm using ASP.NET Membership with a custom database.
One method is check if Membership.GetUser()
is null or not in every function.
But isn't there any easier way than checking user login state in every function? (maybe checking in web.config, global.asax, etc...??)
Sure, decorate your actions or the whole class with [Authorize]
and it will require that the user is logged in first.
Put [Authorize]
over each action that you want only logged in users accessing. You can also do this at the controller level, making all actions within the controller secured. The latter is probably best for you, since you probably only want all of your pages disabled for guests.
Here's what the class-level one looks like:
[Authorize]
public class SomethingController
{
//...
}
and here's an action-level one:
public class SomethingController
{
[Authorize]
public ActionResult SomeAction(Parameter someParameter)
{
//...
}
}
Another way to do it, if all or most of your pages use the same master page, is to put:
<script type="text/javascript>
@if(!Request.IsAuthenticated) {
window.location.href = redirectURL;
}
</script>
or if you arent using razor syntax,
<script type="text/javascript>
<% if(!Request.IsAuthenticated) { %>
window.location.href = redirectURL;
<% } %>
</script>
in the master page. That way, all pages which use that master page will redirect elsewhere if the user is not logged in. This only applies if you are using the built-in authentication, though. NOTE: This option is far less secure than the first option. Use this only if site security is not a big concern
I know this question already has an answer but if the intention is to lock down the whole app except for a select few controller actions then I feel like this is a better solution ...
In the startup / init for your app add ...
httpConfig.filters.Add(new AuthorizeAttribute());
... then on actions you DONT want to secure ...
[AllowAnonymous]
public ActionResult Hello() { return View(); }
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With