How require authorization within whole ASP .NET MVC application

前端未结

关注

 2  666

孤城傲影

I create application where every action beside those which enable login should be out of limits for not logged user.

Should I add [Authorize] annotation

相关标签:

2条回答

礼貌的吻别

2020-12-01 14:35

To build upon DavidG's answer, if you need to require a certain role (in Windows authentication, for example, where everyone is authorized) you can do this:

public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());

        filters.Add(new AuthorizeAttribute { Roles = "MyApp Access" });
    }
}

0 讨论(0)

深忆病人

2020-12-01 14:43
Simplest way is to add Authorize attribute in the filter config to apply it to every controller.
```
public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());

        //Add this line
        filters.Add(new AuthorizeAttribute());
    }
}
```
Another way is to have all of your controllers inheriting from a base class. This is something I do often as there is almost always some shared code that all of my controllers can use:
```
[Authorize]
public abstract class BaseSecuredController : Controller
{
    //Various methods can go here
}
```
And now instead of inheriting from Controller, all of your controllers should inherit this new class:
```
public class MySecureController : BaseSecuredController
{
}
```
Note: Don't forget to add AllowAnonymous attribute when you need it to be accessible to non-logged in users.
0 讨论(0)
发布评论:

提交评论
- 加载中...