Last post Dec 11, 2018 12:21 AM by kamalhussain
Dec 07, 2018 07:23 AM|kamalhussain|LINK
What is the best way to secure ASP.NET MVC? Usually, we are putting the [Authorization] attribute on each action, but this seems very repetitive since you have to put it all over the place.
Also, we are using the membership provider and trying to use it in the postback model by setting this security based on the folder. Another way is to use the web.config <location> section to secure some folders. I tried them all and they work nicely, but most tutorials use the
Which one could be the best method?
Dec 07, 2018 08:16 AM|PatriceSc|LINK
You can also register this authorization filter globally and allow anonymous access as needed. See https://www.davidhayden.me/blog/asp.net-mvc-4-allowanonymous-attribute-and-authorize-attribute
Dec 10, 2018 02:46 AM|Zhi Lv - MSFT|LINK
The Authorize attribute can be applied to the action methods and to the controller class. If you add the Authorize attribute to the controller class, then all action methods on the controller will be available only to authenticated users.
For more details, please check this article.
Dec 10, 2018 04:16 AM|firstname.lastname@example.org|LINK
Authorization is a way to secure your application. Another way is to use the new AllowAnonymous attribute on the login and register actions. Making security decisions based on the current area is a Very Bad Thing and will open your application to vulnerabilities.
You can get the code here.
As ASP.NET MVC 4 includes the new AllowAnonymous attribute, you no longer need to write that code.
Setting the AuthorizeAttribute globally in global.asax and then whitelisting will be sufficient. Whitelisting the methods you want to opt out of authorization is considered a best practice in securing your action methods.
Please don't forget to mark as answer when it helps you. Thanks
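The global-filter-plus-whitelist approach from the replies above, as an added example that is not code from any of the posters. It assumes ASP.NET MVC 4 or later (System.Web.Mvc); `AccountController` and `AnonymousActionAudit` are hypothetical names.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

public static class FilterConfig
{
    // Call from Application_Start: FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        // Deny by default: every action in the application now requires login.
        filters.Add(new AuthorizeAttribute());
    }
}

// Hypothetical controller: only the actions that must work before login opt out.
public class AccountController : Controller
{
    [AllowAnonymous]
    public ActionResult Login() { return View(); }

    [AllowAnonymous]
    public ActionResult Register() { return View(); }

    // No attribute needed: the global filter already protects this action.
    public ActionResult ChangePassword() { return View(); }
}

// Hypothetical audit helper: lists every action reachable without login,
// so the whitelist can be reviewed or pinned in a unit test.
public static class AnonymousActionAudit
{
    public static IList<string> Find(Assembly assembly)
    {
        var anon = typeof(AllowAnonymousAttribute);
        return (from type in assembly.GetTypes()
                where type.IsSubclassOf(typeof(Controller)) && !type.IsAbstract
                from method in type.GetMethods(BindingFlags.Instance | BindingFlags.Public)
                where method.DeclaringType.IsSubclassOf(typeof(Controller))
                where !method.IsSpecialName && !method.IsDefined(typeof(NonActionAttribute), true)
                // Same rule AuthorizeAttribute applies: the attribute on the
                // action or on its controller skips authorization.
                where method.IsDefined(anon, true) || type.IsDefined(anon, true)
                orderby type.Name, method.Name
                select type.Name + "." + method.Name).ToList();
    }
}
```

Calling `AnonymousActionAudit.Find(typeof(AccountController).Assembly)` from a unit test and comparing the result with an approved list makes any newly added `[AllowAnonymous]` show up as a test failure.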
Dec 11, 2018 12:21 AM|kamalhussain|LINK
The good thing is that I came to know about AllowAnonymous, other than authorization. Is there any other or combined approach/policy that can be more secure? Thanks