Reputation: 67980
Is the [Authorize] attribute for ASP.NET MVC controllers only for Membership Providers?
Does the [Authorize] attribute used with ASP.NET MVC controllers only function with sites that have implemented a MembershipProvider?
Upvotes: 6
Views: 1976
Answers (3)
Reputation: 171
Short answer is no. It just checks that there is a IPrincipal, how that gets there is up to you.
I have my own login logic that I use instead of the Membership provider, once I've authenticated a user I just call the FormsAuthentication.SetAuthCookie method. Once you've done that you can then use the [Authenticate] attribute.
Upvotes: 8
Reputation: 551
The [Authorize] attribute is an action filter. It's going to grab the IPrincipal and check if the user is authenticated or if you specify roles and/or users in with the attribute, it will match against those.
There are many ways that a web request can be authenticated. Everything from Open ID to Windows Authentication. Check out this question for an OpenID example and more links to implementing authentication that way: StackOverflow Question 961468
Upvotes: 1
Reputation: 15754
I'm pretty sure it does yes. I imagine you could role your own and implement a similar way of doing authentication/authorization.
Upvotes: 0
Related Questions
- How does the Authorize tag work? - ASP.NET MVC
- Authorize attribute in ASP.NET MVC
- ASP.NET MVC - use authorize attribute
- How Authorize attribute work in MVC3
- Can the [Authorize] attribute be set globally for all controllers?
- MVC3 Authorize Attribute
- Using [Authorize] in MVC3
- Custom Authorize Attribute
- Is the Authorize attribute in ASP .NET MVC used for Authentication as well as Authorization?
- Question about [Authorize] Attribute for Administrators