 

How to require authorization within the whole ASP.NET MVC application

I am creating an application where every action besides those which enable login should be off limits for a user who is not logged in.

Should I add the [Authorize] annotation before every class's headline? Like here:

using System.Web.Mvc;

namespace WebApplication2.Controllers {
    [Authorize]
    public class HomeController : Controller {
        public ActionResult Index() {
            return View();
        }

        public ActionResult About() {
            ViewBag.Message = "Your application description page.";

            return View();
        }

        public ActionResult Contact() {
            ViewBag.Message = "Your contact page.";

            return View();
        }
    }
}

Or is there a shortcut for this? What if I want to change the rules for one and only one action in a particular controller?

Yoda asked Jul 26 '14 12:07




1 Answer

The simplest way is to add the Authorize attribute in the filter config to apply it to every controller.

using System.Web.Mvc;

public class FilterConfig {
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());

        //Add this line
        filters.Add(new AuthorizeAttribute());
    }
}

Another way is to have all of your controllers inheriting from a base class. This is something I do often as there is almost always some shared code that all of my controllers can use:

[Authorize]
public abstract class BaseSecuredController : Controller {
    //Various methods can go here
}

And now instead of inheriting from Controller, all of your controllers should inherit this new class:

public class MySecureController : BaseSecuredController {
}

Note: Don't forget to add the AllowAnonymous attribute when you need an action to be accessible to users who are not logged in.

DavidG answered Oct 17 '22 21:10
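An added example, not part of the original question or answer: with the global filter from the answer in place, it shows the login action opted out with [AllowAnonymous], one action given a stricter rule, and a reflection helper that lists every anonymous action so a unit test can compare it with an allow-list. The controller names, the "Admin" role and the AnonymousActionAudit class are assumptions made for illustration.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

// Hypothetical controllers, assuming filters.Add(new AuthorizeAttribute())
// is registered globally as in the answer above.
public class AccountController : Controller
{
    [AllowAnonymous] // the login page must stay reachable without a session
    public ActionResult Login() { return View(); }
}

public class ReportsController : Controller
{
    // No attribute: the global filter already requires an authenticated user.
    public ActionResult Index() { return View(); }

    // Stricter rule for one action: runs in addition to the global filter.
    [Authorize(Roles = "Admin")] // "Admin" is an assumed role name
    public ActionResult Export() { return View(); }
}

// Lists every action that opts out of authorization, so a unit test can
// compare the result with an explicit allow-list and fail on surprises.
public static class AnonymousActionAudit
{
    public static List<string> Find(Assembly assembly)
    {
        var anon = typeof(AllowAnonymousAttribute);
        return assembly.GetTypes()
            .Where(t => typeof(Controller).IsAssignableFrom(t) && !t.IsAbstract)
            .SelectMany(t => t.GetMethods(BindingFlags.Public | BindingFlags.Instance)
                // Skip property accessors, [NonAction] helpers and framework methods.
                .Where(m => !m.IsSpecialName
                    && !m.IsDefined(typeof(NonActionAttribute), true)
                    && m.DeclaringType != typeof(Controller)
                    && typeof(Controller).IsAssignableFrom(m.DeclaringType))
                // [AllowAnonymous] on the class exempts all of its actions.
                .Where(m => m.IsDefined(anon, true) || t.IsDefined(anon, true))
                .Select(m => t.Name + "." + m.Name))
            .Distinct()
            .OrderBy(name => name)
            .ToList();
    }
}
```

Calling AnonymousActionAudit.Find(typeof(AccountController).Assembly) from a test project keeps the set of login-free endpoints under review whenever someone adds [AllowAnonymous].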