Is the [Authorize] attribute for ASP.NET MVC controllers only for membership providers?

Question

Is the [Authorize] attribute for ASP.NET MVC controllers only for membership providers?

Is the [Authorize] attribute used with ASP.NET MVC controllers used only with sites where MemberhipProvider was implemented?

+6

asp.net-mvc attributes asp.net-membership

Kingestor Jun 11 '09 at 2:32

source share

3 answers

Mark · Answer 1 · 2009-06-11T07:08:57+0000

The short answer is no. It just checks that there is an IPrincipal, how it turns out is up to you.

I have my own login logic, which I use instead of the membership provider, as soon as I authenticate the user, I just call the FormsAuthentication.SetAuthCookie method. After that, you can use the [Authenticate] attribute.

Jeff · Answer 2 · 2009-06-11T03:14:26+0000

The [Authorize] attribute is an action filter. It is going to capture the IPrincipal and check if the user is authenticated, or if you specify the roles and / or users in the attribute, it will match those.

There are many ways to authenticate a web request. Everything from Open ID to Windows Authentication. Check this question for an example of OpenID and other authentication implementation references this way: fooobar.com/questions/855238 / ...

Jack marchetti · Answer 3 · 2009-06-11T03:07:40+0000

I'm sure yes. I assume that you can play a role and implement a similar authentication / authorization method.

Is the [Authorize] attribute for ASP.NET MVC controllers only for membership providers?

More articles: