3

Have an application where 99% of the actions will require the user to be logged in.

The options I've come across are -

1) Create a base controller inheritance chain and apply authorize attribute at that level. Something like: BaseController > AuthorizeController, BaseController > PublicController. (don't like this because of the inheritance chain)

2) Create a custom authorize attribute and use a flag to bypass authorization. Similar to this post. (my preference so far).

What are other options/best practice? What about using web.config like in asp.net webforms? Reference here. Does that do the same as the authorize attribute?

B Z

1 Answer

1

Use the tab to and the web config file to control this; you can specify the authorization settings and it does work in MVC too.

http://msdn.microsoft.com/en-us/library/wce3kxhd.aspx

Authorize approach would work, or you could build a custom ControllerActionInvoker (each controller has a reference to this). This class runs on every action invocation, which seems appropriate.

Brian Mains
  • "Use the tab to" ? not sure what you mean. – B Z Jan 18 '10 at 17:38
  • I don't know what I mean by that either :-) Anyway, the authorization element still applies and is a great way to handle this. Other option I specified also works. – Brian Mains Jan 18 '10 at 19:51
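
The custom authorize attribute with a bypass flag from option 2, as an added example that is not code from the question or the answer: every action requires login unless it is explicitly marked public. `PublicAttribute`, `LoginRequiredAttribute`, `AppController` and the `AccountController` actions are hypothetical names, and `AuthorizationContext.ActionDescriptor` assumes ASP.NET MVC 2 or later.

```csharp
using System;
using System.Web.Mvc;

// Hypothetical marker for the few actions or controllers that stay anonymous.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
public sealed class PublicAttribute : Attribute { }

// Hypothetical deny-by-default filter: login is required unless [Public] is present.
public class LoginRequiredAttribute : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null) throw new ArgumentNullException("filterContext");

        ActionDescriptor action = filterContext.ActionDescriptor;

        // The opt-out must be declared on the action or on its controller;
        // nothing taken from the request (URL, headers) can switch the check off.
        bool isPublic =
            action.IsDefined(typeof(PublicAttribute), true) ||
            action.ControllerDescriptor.IsDefined(typeof(PublicAttribute), true);

        if (isPublic) return;

        // Standard [Authorize] behaviour: 401 for unauthenticated users,
        // plus the output-cache validation the base class already performs.
        base.OnAuthorization(filterContext);
    }
}

// One base class carries the attribute, so a new controller is protected
// even if its author forgets about authorization entirely.
[LoginRequired]
public abstract class AppController : Controller { }

public class AccountController : AppController
{
    [Public]                                   // explicit, reviewable exception
    public ActionResult LogOn() { return View(); }

    public ActionResult ChangePassword() { return View(); }   // login required
}
```

Unlike a web.config `<location>` rule, which matches on the URL path, the attribute is bound to the action itself, so it still applies when more than one route reaches the same action. On MVC 3 or later the same attribute can be registered in `GlobalFilters.Filters` instead of on a base controller, and MVC 4 ships a built-in `[AllowAnonymous]` that plays the role of `[Public]`.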