How to force the user to login to see any content using ASP.NET MVC 4

asp.net-mvc-4 forms-authentication simplemembership
11,851

You can achieve this by registering Authorize attribute as global filter. Bellow is an example of how your RegisterGlobalFilters method should look like:

public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
    filters.Add(new HandleErrorAttribute());
    filters.Add(new AuthorizeAttribute());
}

with this in place, you'll have to allow anonymous users to access the login page. To do that you annotate your Login action method with AllowAnonymous attribute. 

[AllowAnonymous]
[HttpGet]
public ActionResult Login()
{
 ...
}

Do the same for Login action method that receives POST request.

Share:
11,851

Related videos on Youtube

Leron
Author by

Leron

Updated on June 21, 2022

Comments

  • Leron
    Leron almost 2 years

    I am working on a 'ASP.NET MVC 4' application and use 'SimpleMembershipProvider'. The application will be used in intranet and there will be no content available for not authorized users so I want to force login before letting the user to the actual site content.

    I think this should be rather trivial task but it's the first time I have to implement such logic and I also want to do it MVC 4/SimpleMemebrship style so I seek advice.

    The way I think it should be implemented is first to add this in the web.config:

    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="15" slidingExpiration="true" enableCrossAppRedirects="false" protection="All" />
    </authentication>

    after all I won't have action that will allow anonymous so I think it's better to put this here.

    And changing my default Route to:

     routes.MapRoute(
                name: "Default",
                url: "{controller}/{action}/{id}",
                defaults: new { controller = "Account", action = "Login", id = UrlParameter.Optional }
            );

    Which as I see it, will be the only action that will allow anonymous. However I'm a little bit concerned about changing the default route to Login I'm not sure if this won't lead to some unexpected drawbacks.

    I also have the idea to keep the default structure created by the MVC 4 Internet Template and just leaving the Index action of the Home controller taking responsibility but I don't like this scenario because the logic is clear - the user must be logged in in order to gain any kind of access and even Home/Index is some access in my mind.

    So what is the way to implement such kind of behavior? What are the basic steps, changes that I should make in order to implement this right?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How do I use my own database with SimpleMembership and WebSecurity? What is MVC4 security all about?
MVC4 ExtendedMembershipProvider and entityframework
ASP.NET MVC 4 Session timeout
SimpleMembership in MVC4 app + WebApi using basic HTTP auth
How to use SimpleMemberShip Provider in Asp.net MVC 4 application
Upgrading to ASP.NET 4.5/MVC 4 forms authentication fails
Get logged in user's id
How to make WebSecurity.Login to login using username or email?
User.IsInRole doesn't work
ASP.NET Identity vs Simple membership Pros and Cons?