I am planning a new portal solution in ASP.NET MVC. I need to be able to have some parts of the site visible for everyone (public part) and a part where only registered users are allowed to visit. In traditional Web Forms the s开发者_开发技巧ecurity was made on folder level, but how about ASP.NET MVC? Could someone please explain me how to do this - or if its more beneficial to go the web forms way.
/H4mm3rHEad
Security is mostly done on the Controller or Action level via attributes. More information on the Authorize attribute can be found here:
http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute%28VS.100%29.aspx#using_authorizeattribute
You can easily see how it works by going File-> New MVC project and checking out the AccountController.cs file inside the /Controllers/ directory.
Be aware the answers by Vitaly and Agent_9191 are not current and reference mostly preview MVC builds. Those articles may reference code and or functionality that does not exist or has been depreciated.
Take a look at this post talking about the AuthorizeAttribute. It can be applied to specific actions or an entire controller.
精彩评论