How to allow an anonymous user access to some given page in MVC?
I have enabled form authentication in my ASP.NET MVC web application. I want to allow anonymous users access only to some specific pages, including Register.cshtml for inst
-
In the Web.config i had the below authorization
<authorization> <deny users ="?"/> </authorization>this causes the
[AllowAnonymous]not work correctly, i had to remove that authorization of my Web.config, and in all the controllers put the line
[Authorize]before the declaration of the class, to work correctly.
讨论(0) -
In MVC you normally use the
[Authorize]attribute to manage authorization. Controllers or individual actions that are dressed with that attribute will require that the user is authorized in order to access them - all other actions will be available to anonymous users.In other words, a black-list approach, where actions that require authorization are black-listed for anonymous users using
[Authorize]- all actions (not dressed with the attribute) will be available.Update:
With MVC4 a new attribute has been introduced, namely the
[AllowAnonymous]attribute. Together with the[Authorize]attribute, you can now take a white-list approach instead. The white-list approach is accomplished by dressing the entire controller with the[Authorize]attribute, to force authorization for all actions within that controller. You can then dress specific actions, that shouldn't require authorization, with the[AllowAnonymous]attribute, and thereby white-listing only those actions. With this approach, you can be confident that you don't, by accident, forget to dress an action with the[Authorize], leaving it available to anyone, even though it shouldn't.Your code could then be something like this:
[Authorize] public class UserController : Controller { [AllowAnonymous] public ActionResult LogIn () { // This action can be accessed by unauthorized users } public ActionResult UserDetails () { // This action can NOT be accessed by unauthorized users } }讨论(0)
加载中...
- 热议问题