Does the [Authorize] attribute used with ASP.NET MVC controllers only function with sites that have implemented a MembershipProvider?
views:
377answers:
3
A:
I'm pretty sure it does yes. I imagine you could role your own and implement a similar way of doing authentication/authorization.
Jack Marchetti
2009-06-11 03:07:40
+1
A:
The [Authorize] attribute is an action filter. It's going to grab the IPrincipal and check if the user is authenticated or if you specify roles and/or users in with the attribute, it will match against those.
There are many ways that a web request can be authenticated. Everything from Open ID to Windows Authentication. Check out this question for an OpenID example and more links to implementing authentication that way: StackOverflow Question 961468
Jeff
2009-06-11 03:14:26
+5
A:
Short answer is no. It just checks that there is a IPrincipal, how that gets there is up to you.
I have my own login logic that I use instead of the Membership provider, once I've authenticated a user I just call the FormsAuthentication.SetAuthCookie method. Once you've done that you can then use the [Authenticate] attribute.
Mark
2009-06-11 07:08:57