andres descalzo
Reputation: 14967
ASP.NET MVC Authentification Form
I need to deny all access to any controller if they do not login. I do not want to do this for each entry:
[Authorize]
public ActionResult AnyMethod() {
...
}
I try something like that but this was denied access to everything (css, js, ...).
<authorization>
<deny users="?"/>
</authorization>
In the Web.config I have only this code:
<authentication mode="Forms">
<forms loginUrl="Account/Login"></forms>
</authentication>
Thank you
Upvotes: 0
Views: 86
Answers (1)
tvanfosson
Reputation: 532465
You can put the Authorize attribute on the controller instead -- it can be applied to both methods and classes. This will save you a lot of work and still give your users access to your static content (that isn't protected via the web.config).
[Authorize]
public class AdminController : Controller
{
...
public ActionResult SetPassword( UserPasswordModel model )
{
...
}
...
}
Upvotes: 3
Related Questions
- Forms Authentication & authorization MVC 4
- FormsAuthentication with MVC5
- Authentication via FormsAuthentication in asp mvc 4
- MVC: proper authentication
- Dot net MVC secure Forms Authentication
- ASP.NET MVC 2 using Authentication
- ASP.NET MVC 2 authorization problem
- .Net Forms Authentication
- form authentication info in asp.net mvc
- How to use form authentication with asp.net mvc?