Does the [Authorize] attribute used with ASP.NET MVC controllers only function with sites that have implemented a MembershipProvider?
Short answer is no. It just checks that there is a IPrincipal, how that gets there is up to you.
I have my own login logic that I use instead of the Membership provider, once I've authenticated a user I just call the FormsAuthentication.SetAuthCookie method. Once you've done that you can then use the [Authenticate] attribute.
The [Authorize] attribute is an action filter. It's going to grab the IPrincipal and check if the user is authenticated or if you specify roles and/or users in with the attribute, it will match against those.
There are many ways that a web request can be authenticated. Everything from Open ID to Windows Authentication. Check out this question for an OpenID example and more links to implementing authentication that way: StackOverflow Question 961468
I'm pretty sure it does yes. I imagine you could role your own and implement a similar way of doing authentication/authorization.
来源:https://stackoverflow.com/questions/979039/is-the-authorize-attribute-for-asp-net-mvc-controllers-only-for-membership-pro