Question: Securing the whole ASP.NET 5 MVC 6 application


Securing the whole ASP.NET 5 MVC 6 application

Answers 2
Added at 2016-01-07 08:01

If I want to secure a particular section in my MVC app, I use [Authorize] for the ActionMethod. I also know that I can use it for the entire controller so that I don't have to specify it for each and every ActionMethod in it.

I want to require authorization globally and want to be able to allow anonymous users in only a few places. How do I require users to be authorized globally and allow anonymous users in a few ActionMethods?

nr: #1 dodano: 2016-01-07 09:01

You can simply register AuthorizeFilter globally in your Startup.cs:

public void ConfigureServices(IServiceCollection services)
    // configure/build your global policy
    var policy = new AuthorizationPolicyBuilder()

    services.AddMvc(x => x.Filters.Add(new AuthorizeFilter(policy)));

(The actual policy-building bits were taken from @Sam's own answer)

nr: #2 dodano: 2016-01-07 09:01

Here's the answer... In Startup class, ConfigureServices method:

public void ConfigureServices(IServiceCollection services)
            // Add framework services.
            services.AddMvc(options =>
                options.Filters.Add(new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build()));
Source Show
◀ Wstecz