开发者

Forms Authentication (restrict an area)

开发者 https://www.devze.com 2023-01-03 07:46 出处:网络
I\'m developing an website using asp.net mvc with MySQL and I need to make开发者_JAVA百科 a simple restrict area for the user update some informations in website. So, I had created an area in mvc appl

I'm developing an website using asp.net mvc with MySQL and I need to make开发者_JAVA百科 a simple restrict area for the user update some informations in website. So, I had created an area in mvc application called "Admin", and I know how to protect it using Forms authentication and Autorize attribute! It works fine, but in each controller of my area I have to set the Autorize attribute to protected them. Is there any way to protected all Area in Web.config? How can I do that?

Thanks

Cheers


You must not use Web.config location-based authorization in an MVC application. Doing so will lead to security vulnerabilities in your site.

The easiest way to get the behavior you're looking for is to have an AdminBaseController which has an [Authorize] attribute on it, then have each controller in your Admin area subclass this type directly. The attribute will flow from the base type to the subclassed types.


A bit off your question as you want to use Web.config, but you can use PostSharp (an aspect oriented framework) to inject attributes on methods.

0

精彩评论

暂无评论...
验证码 换一张
取 消