ASP.NET MVC Authentification Form

Question

Hi all, I need to deny all access to any controller if they do not login. I do not want to do this for each entry:

[Authorize]
public ActionResult AnyMethod() {
...
}

I try something like that but this was denied access to everything (css, js, ...).

<authorization>
     <deny users="?"/>
</authorization>

In the Web.config I have only this code:

<authentication mode="Forms">
   <forms loginUrl="Account/Login"></forms>
</authentication>

Thank you

Answer 1

You can put the Authorize attribute on the controller instead -- it can be applied to both methods and classes. This will save you a lot of work and still give your users access to your static content (that isn't protected via the web.config).

 [Authorize]
 public class AdminController : Controller
 {
     ...
     public ActionResult SetPassword( UserPasswordModel model )
     {
         ...
     }
     ...
 }