I have been looking around but i don't see any spec for this, maybe i search a wrong keyword. But i'm here so i should ask something.. :)
I'm familiar with Authorize Attribute, but I think it only apply to Actions. What should i do if i want my whole application to authorize first before getting access to any actions?
It will be very pain to just repeat in every action to put [Authorize] tag on top of them.
Thank you very much
No, you can mark your controller with AuthorizeAttribute like an action. Check out here.
It is not quite correct that AuthorizeAttribute applies only to actions. It can also be applied to classes containing actions. If you have a base controller type for your application (which can be abstract, if you like), and every other controller is a subtype of that base type, then your entire application now requires authorization, with just a few characters of typing.
You should find a way to make AuthorizeAttribute work for you; this is the standard way of doing authentication in ASP.NET MVC.