How to easily redirect if not authenticated in MVC 3?

Question

I am brand new to ASP.NET, and I\'m trying to find a way to easily redirect an unauthenticated user from any page on the site to the logon page. I would prefer to not put th

Answer 1

You can put the [Authorize] attribute over each action that needs to be authenticated.

Also, make sure that this section is defined in your Web.Config:

<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>

Answer 2

I just tried this:

<!-- using custom auth with MVC redirect -->
<authentication mode="None">
  <forms loginUrl="~/Home/Index"/>
</authentication>

and it still works, although I'm using custom auth. Not sure about timeout though - will [Authorize] still use the default one for Forms Auth or it won't manage timeouts at all (preferred behavior for custom auth).

Answer 3

Mark your controller with [Authorize] attribute http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx

See your web.config, by default you should have Forms authentication turned on authentication mode="Forms" http://msdn.microsoft.com/en-us/library/eeyk640h.aspx

Also look at this question ASP.NET MVC Authorization

In case if you want to have custom Authorize behavior look here Customizing authorization in ASP.NET MVC

Answer 4

I used the below code snippet and found it to be very elegant not requiring to write any redirect statements. MVC takes care of the redirection based on the forms login page configuration and upon successfull login/registration, the user is sent back to the initial requested page

 if (!User.Identity.IsAuthenticated)
 {
    //return new HttpUnauthorizedResult(); //This or the below statement should redirect the user to forms login page
    return new HttpStatusCodeResult(System.Net.HttpStatusCode.Unauthorized);
 }