Sam
Reputation: 30388
Securing the whole ASP.NET 5 MVC 6 application
If I want to secure a particular section in my MVC app, I use [Authorize] for the ActionMethod. I also know that I can use it for the entire controller so that I don't have to specify it for each and every ActionMethod in it.
I want to require authorization globally and want to be able to allow anonymous users in only a few places. How do I require users to be authorized globally and allow anonymous users in a few ActionMethods?
Upvotes: 7
Views: 417
Answers (2)
haim770
Reputation: 49095
You can simply register AuthorizeFilter globally in your Startup.cs:
public void ConfigureServices(IServiceCollection services)
{
// configure/build your global policy
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
services.AddMvc(x => x.Filters.Add(new AuthorizeFilter(policy)));
}
(The actual policy-building bits were taken from @Sam's own answer)
Upvotes: 9
Sam
Reputation: 30388
Here's the answer... In Startup class, ConfigureServices method:
public void ConfigureServices(IServiceCollection services)
{
// Add framework services.
services.AddMvc(options =>
{
options.Filters.Add(new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build()));
});
}
Upvotes: 4
Related Questions
- How to enable CORS in ASP.net Core WebAPI
- How do you create a custom AuthorizeAttribute in ASP.NET Core?
- Resolving instances with ASP.NET Core DI from within ConfigureServices
- How to register multiple implementations of the same interface in Asp.Net Core?
- How do I get client IP address in ASP.NET Core?
- How to read values from the querystring with ASP.NET Core?
- ASP.NET Core Get Json Array using IConfiguration
- How to use JWT in MVC application for authentication and authorization?
- Override global authorize filter in ASP.NET Core 1.0 MVC
- Use Asp.Net Identity to secure WebApi controllers