views:

46

answers:

1

I'm trying to take away anonymous access to a single view of an MVC application.

I tried to did this by going to the directory (i.e. /views/private) and removing anonymous authentication. This didn't help.

What is the easiest way to do this?

+2  A: 

Your users shouldn't ever visit the physical location of any of your views, so protecting the views\private directory wouldn't have any effect. As Developer Art mentioned, security in MVC apps should be done within the controller by using the Authorize attribute. You can apply that attribute to a controller class or to individual action methods within a controller.

Edit: If you're using a view engine that uses files the way the default view engine does, then your entire views directory should be protected so that users cannot access any of those files. (Some view engines compile the views into an assembly, so this would not apply.)

Dennis Palmer