3

Have an application were 99% of the actions will require user to be logged in.

The options I've come across are -

1-)Create a base controller inheritance chain and apply authorize attribute at that level. Something like: BaseController > AuthorizeController, BaseController > PublicController. (don't like this because of the inheritance chain)

2-)Create a custom authorize attribute and use a flag to bypass authorization. Similar to this post. (my preference so far).

What are other options/best practice? What about using web.config like in asp.net webforms? Reference here. Does that do the same as the authorize attribute?

Improve this question

1 Answer 1

Reset to default
1

Use the tab to and the web config file to control this; you can specify the authorization settings and it does work in MVC too.

http://msdn.microsoft.com/en-us/library/wce3kxhd.aspx

Authorize approach would work, or you could build a custom ControllerActionInvoker (each controller has a reference to this). This class runs on every action invocation, which seems appropriate.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

"Use the tab to" ? not sure what you mean.
I don't know what I mean by that either :-) Anyway, the authorization element still applies and is a great way to handle this. Other option I specified also works.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.