Where authorization should implement in MVC4 ?

Question

I am build a decision based application for multilevel users and permissions. All permission can be assigned bu UI administrator. Is it right way to do ?

Where i should implement authorization ?

• Global filters
• Controller filters
• Action Filters
• Custom Authorization Attribute
• Custom membership

If any other best approach and way to implement without using third party please let me know.

I am so confused with different authorization approaches

Answer 1

I am so confused with different authorization approaches

Everybody has been their at least once, you are not alone ;), But since .Net 4.5 things are getting a bit clearer to me.

Okay, There are many ways of implementing authorization for MVC application. It all depend on the application you are building. You most probably will have to implement the followings

• Custom Membership provider
• Custom Authorize Attribute

Please take a look at this blog post, which helped me to really understand how one should implement authentication and authorization for a MVC app. It explains about form authentication type and how to implement your own Authorize attribute that can be used instead of the built in Authorize attribute.

http://codeutil.wordpress.com/2013/05/14/forms-authentication-in-asp-net-mvc-4/

Actually, the above was the most explained blog that I found in my search for proper implementation of MVC authentication & Authorization during the past year or so. So a big thank you should go to the Author.