Security Access using Authorize/Annoymous or Web.Config

Security Access using Authorize/Annoymous or Web.Config

Say for example you need to allow anyone to access the Account/Register Page for registration and only certain people to access Account/Login. Below are two methods:-

Using the Authorize and Annoymous – Method:1

In MVC 4 and above you can secure login access using Authorize and Annoymous

So in the global app Filter there is authorization that is applied to all the controllers

public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{

filters.Add(new System.Web.Mvc.AuthorizeAttribute());
}

I

 

In the individual controller you can specify

[Authorize]

AccountController {

[Annoymous]

Register {

}

Login {

}

}

 

Using Method :2  Webconfig to allow anyone to access Account/Register

You can specify the actually location of the files.

<location path="Account/Register">
<system.web>
<authorization>
<allow users="?" />
</authorization>
<httpHandlers></httpHandlers>
</system.web>
</location>

 

<forms name=".horse" cookieless="UseCookies" loginUrl="~/Account/Login" timeout="432000" protection="All" path="/" slidingExpiration="true"/>
</authentication>
<!--<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>-->

 

Leave a Reply

Your email address will not be published. Required fields are marked *