Securing the entire ASP.NET 5 MVC 6 application

Question

Securing the entire ASP.NET 5 MVC 6 application

If I want to protect a specific section in my MVC application, I use [Authorize] for ActionMethod. I also know that I can use it for the entire controller, so I do not need to specify it for every ActionMethod in it.

I want to require authorization around the world and I want to allow anonymous users in just a few places. How do I allow users to log in all over the world and allow anonymous users to use several ActionMethods?

+7

asp.net-core asp.net-core-mvc asp.net-identity asp.net-authorization

Sam Jan 7 '16 at 7:29

source share

2 answers

Here's the answer ... In the Startup class, ConfigureServices :

 public void ConfigureServices(IServiceCollection services) { // Add framework services. services.AddMvc(options => { options.Filters.Add(new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build())); }); }

+4

Sam Jan 7 '16 at 8:24

source share

haim770 · Accepted Answer · 2016-01-07T08:03:03+0000

You can simply register AuthorizeFilter globally in Startup.cs :

 public void ConfigureServices(IServiceCollection services) { // configure/build your global policy var policy = new AuthorizationPolicyBuilder() .RequireAuthenticatedUser() .Build(); services.AddMvc(x => x.Filters.Add(new AuthorizeFilter(policy))); }

(Actual policy building bits were taken from @Sam's own answer)

Securing the entire ASP.NET 5 MVC 6 application

More articles: