开发者

Secure ASP.NET MVC 3 site

开发者 https://www.devze.com 2023-03-22 03:21 出处：网络

I read a couple of articles mentioning that you\'re supposed to have all of your controllers derive from a parent class with the [Authorize] attribute to not leave security holes in your site. (Exampl

相关专题：.net asp.net-mvc-3 security

I read a couple of articles mentioning that you're supposed to have all of your controllers derive from a parent class with the [Authorize] attribute to not leave security holes in your site. (Example: article)

However, all controllers already derive from the parent Controller, which doesn't have the [Authorize] attribute. What is the best way to enforce this suggestion without having to add the attr开发者_开发问答ibute to every single controller?

for MVC3 (and possibly 2 I do not remember) you can use global hooks like:

public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
    filters.Add(new HandleErrorAttribute());
}

protected void Application_Start()
{
    RegisterGlobalFilters(GlobalFilters.Filters);
}