
How To Secure Your Entire MVC Application With Authorize Attribute

Scenario
If you would like to secure your admin pages, you need to add the “Authorize” attribute to all your admin controllers. However, you might need to secure your entire MVC application without using any login page. For large applications, it would be difficult to add an “Authorize” attribute to each controller and manage it.
Below are simple solutions for this situation.
Solution 1
You can add the “Authorize” attribute as a global filter in the FilterConfig file to apply it to every controller.

    using System.Web.Mvc;

    namespace Csharpcorner {
        public class FilterConfig {
            public static void RegisterGlobalFilters(GlobalFilterCollection filters) {
                filters.Add(new HandleErrorAttribute());

                // Use ONE of the following. Adding more than one makes a
                // request pass all of them, not any of them.

                // Any authenticated user:
                filters.Add(new AuthorizeAttribute());

                // OR: only users in the "Admin" role:
                // filters.Add(new AuthorizeAttribute { Roles = "Admin" });

                // OR: only the named users:
                // filters.Add(new AuthorizeAttribute { Users = "ABC,XYZ" });
            }
        }
    }

Solution 2
You can create one base class (AuthorizeController in our example) which should inherit the Controller Class. Now, instead of inheriting from the Controller, all of your controllers should inherit this new class (i.e., AuthorizeController class).
    using System.Web.Mvc;

    [Authorize]
    public abstract class AuthorizeController : Controller {
        // Your shared methods here (if any).
    }

    // [Authorize] is inherited from the base class.
    public class MyController : AuthorizeController {
        // Your action methods here.
    }

Note: If you would like to give the user access to a particular controller or action method, add the “AllowAnonymous” attribute to that specific controller or action method.
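With either solution, the remaining risk is an endpoint that is exempted or missed: a stray “AllowAnonymous”, or (in Solution 2) a controller that still inherits from Controller directly. The following is an added example, not code from the original post, that lists such endpoints by reflection so they can be reviewed; the names AuthorizationAudit and FindAnonymousEndpoints are hypothetical.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

public static class AuthorizationAudit
{
    // Returns the controllers/actions that can be reached without authorization.
    // globalAuthorize: pass true when Solution 1 (global AuthorizeAttribute) is registered.
    public static IList<string> FindAnonymousEndpoints(Assembly assembly, bool globalAuthorize)
    {
        var findings = new List<string>();
        var controllers = assembly.GetTypes()
            .Where(t => t.IsClass && !t.IsAbstract && typeof(Controller).IsAssignableFrom(t));

        foreach (var controller in controllers)
        {
            // inherit: true also sees [Authorize] placed on a base class (Solution 2).
            bool classAuthorize = globalAuthorize
                || controller.IsDefined(typeof(AuthorizeAttribute), true);

            if (controller.IsDefined(typeof(AllowAnonymousAttribute), true))
            {
                findings.Add(controller.Name + " (whole controller: [AllowAnonymous])");
                continue;
            }

            // Public instance methods, skipping property accessors, [NonAction]
            // methods and everything declared on Controller or its base types.
            var actions = controller.GetMethods(BindingFlags.Public | BindingFlags.Instance)
                .Where(m => !m.IsSpecialName
                    && !m.DeclaringType.IsAssignableFrom(typeof(Controller))
                    && !m.IsDefined(typeof(NonActionAttribute), true));

            foreach (var action in actions)
            {
                string name = controller.Name + "." + action.Name;
                if (action.IsDefined(typeof(AllowAnonymousAttribute), true))
                    findings.Add(name + " ([AllowAnonymous])");
                else if (!classAuthorize && !action.IsDefined(typeof(AuthorizeAttribute), true))
                    findings.Add(name + " (no [Authorize])");
            }
        }
        return findings;
    }
}
```

Call it from a unit test, for example with `typeof(MyController).Assembly`, and compare the result against the list of endpoints that are meant to be public.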
