Reputation: 9453
Asp.Net MVC Authorize Options
Have an application were 99% of the actions will require user to be logged in.
The options I've come across are -
1-)Create a base controller inheritance chain and apply authorize attribute at that level. Something like: BaseController > AuthorizeController, BaseController > PublicController. (don't like this because of the inheritance chain)
2-)Create a custom authorize attribute and use a flag to bypass authorization. Similar to this post. (my preference so far).
What are other options/best practice? What about using web.config like in asp.net webforms? Reference here. Does that do the same as the authorize attribute?
Upvotes: 3
Views: 775
Answers (1)
Reputation: 50728
Use the tab to and the web config file to control this; you can specify the authorization settings and it does work in MVC too.
http://msdn.microsoft.com/en-us/library/wce3kxhd.aspx
Authorize approach would work, or you could build a custom ControllerActionInvoker (each controller has a reference to this). This class runs on every action invocation, which seems appropriate.
Upvotes: 1
Related Questions
- Customizing authorization in ASP.NET MVC
- Authorization c# mvc
- Authorization in ASP.NET MVC 4
- ASP.NET MVC - use authorize attribute
- ASP.NET MVC Authorization
- MVC authentication and authorization
- mvc authorize or authenticate
- Authorization in ASP.NET MVC
- Help with asp.net mvc authorization
- Help with asp.net mvc authorization