0

In ASP we used to create protected folder by web.config in the folder:

<?xml version="1.0"?>
<configuration>
    <system.web>
      <authorization >
      <deny users="?"/>
      </authorization>
    </system.web>
</configuration>

Now, how i'm doing this in MVC where the page is controller and views?

The porpose is to enforce authorization not only by code since we are just human beings and tend to forget.

Is it enough to set a "autorization" attribute to the action?

assumptions:

using Identity framwork

shdr
  • 868
  • 10
  • 25
  • if you use identity framework, you can use [Authorize] tag on the top of your controller to provide authorization – hasan Oct 22 '17 at 16:00

1 Answers1

1

I think it actually the corresponding way.

Note that simple "[Authorize]" attribute requires just login operation, and if you want to limit to specific role or user you need to use Role or User properties.

I refer you also to:

  1. Protecting folders in MVC
  2. asp.net mvc decorate
  3. asp.net MVC secure root folder only for authorized users
risa
  • 73
  • 6