Securing controller action methods in ASP.NET MVC

How to mark a controller to be accessed only by logged in user?

To mark a controller to be accessed only by a logged in user, we can use Authorize attribute.
CONTROLLER CODE
[Authorize]
public class AuthorizeController : Controller
{

    public ActionResult Index()
    {
        return View();
    }
}
Above controller action method will only be accessible to those user who are logged in to the application. Despite Index method doesn’t have Authorize attribute but this method will not be available to the anonymous user as the Authorize attribute is written at the Controller level so all action method inside the controller will be secure.

No comments:

Post a Comment

Subscribe to: Posts (Atom)

How to register multiple implementations of the same interface in Asp.Net Core?

 Problem: I have services that are derived from the same interface. public interface IService { } public class ServiceA : IService { ...