How can I disallow anonymous access to my ASP.NET mvc controllers? Specifically, I want to require authenticated access to all controllers but allow anonymous access to resource type files such as .css and .js files. Don't plan on using membership services as I am using Microsoft Geneva.
thanks!
One way is to have your controllers inherit from (your own) ControllerBase.
Add the
[Authorize]
attribute to that class.
You can use the Authorize attribute (action filter) on each action method in each controller if you don't want to sub-class a base controller.
See here for an introduction to action filters: http://www.asp.net/learn/mvc/tutorial-14-cs.aspx