Hi all... I'm developing an website using asp.net mvc with MySQL and I need to make a simple restrict area for the user update some informations in website. So, I had created an area in mvc application called "Admin", and I know how to protect it using Forms authentication and Autorize attribute! It works fine, but in each controller of my area I have to set the Autorize attribute to protected them. Is there any way to protected all Area in Web.config? How can I do that?
Thanks
Cheers
A bit off your question as you want to use Web.config, but you can use PostSharp (an aspect oriented framework) to inject attributes on methods.
You must not use Web.config location-based authorization in an MVC application. Doing so will lead to security vulnerabilities in your site.
The easiest way to get the behavior you're looking for is to have an AdminBaseController which has an [Authorize] attribute on it, then have each controller in your Admin area subclass this type directly. The attribute will flow from the base type to the subclassed types.