Is there a elegant way to require all actions to require [Authorize] without having to use an AOP framework or similar? It seems to easy too forget to put the attribute on all controllers. I guess creating a base controller also can solve this, but again.. It's possible to forget to inherit from this one.
A:
Putting it on the base controller is the easiest thing to do. To enforce compliance, you could write a unit test which enumerates over all the Controller types in your application and does a check to make sure that they subclass your CustomControllerBase.
Levi
2010-06-24 15:57:47