How require authorization within whole ASP .NET MVC application
Simplest way is to add Authorize
attribute in the filter config to apply it to every controller.
public class FilterConfig{ public static void RegisterGlobalFilters(GlobalFilterCollection filters) { filters.Add(new HandleErrorAttribute()); //Add this line filters.Add(new AuthorizeAttribute()); }}
Another way is to have all of your controllers inheriting from a base class. This is something I do often as there is almost always some shared code that all of my controllers can use:
[Authorize]public abstract class BaseSecuredController : Controller{ //Various methods can go here}
And now instead of inheriting from Controller
, all of your controllers should inherit this new class:
public class MySecureController : BaseSecuredController{}
Note: Don't forget to add AllowAnonymous
attribute when you need it to be accessible to non-logged in users.
To build upon DavidG
's answer, if you need to require a certain role (in Windows authentication
, for example, where everyone is authorized) you can do this:
public class FilterConfig{ public static void RegisterGlobalFilters(GlobalFilterCollection filters) { filters.Add(new HandleErrorAttribute()); filters.Add(new AuthorizeAttribute { Roles = "MyApp Access" }); }}