问题
My requirement is that only the login page and the Register page should be accessible from anonymous users. I have created a new ASP.NET MVC project using the default template in VS2008.
After that I have enabled security adding this section to the web config:
<authorization>
<deny users="?" />
</authorization>
Now the Register Action is not accessible anymore because of the security enabled. How I can do to disable security only for that Action?
Thanks
回答1:
You will want to use the Authorize attribute on your controller actions to restrict access at the Controller or Action level:
http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx
回答2:
I would recommend you using the [Authorize] attribute to control which actions/controllers require authentication instead of using web.config. This way your authorization rules are less vulnerable to errors if you decide to modify your routes.
回答3:
In context of ASP.NET MVC 4: you can enable authorization with the Authorize attribute on your controller classes, then disable for specific actions with the AllowAnonymous attribute.
来源:https://stackoverflow.com/questions/3653333/how-to-disable-security-for-an-action-in-asp-net-mvc