27
DecSecuring Asp.Net MVC Application by using Authorize Attribute
Securing ASP.NET MVC Application by using Authorize Attribute: An Overview
Authorization in ASP.NET MVC is the process of determining the rights of an authenticated user for accessing the application's resources. The Asp.Net MVC Framework has a AuthorizeAttribute filter for filtering the authorized user to access a resource. Refer this article for Custom Authentication and Authorization in ASP.NET MVC. In this tutorial, we'll know more about Authorize filter in ASP.NET MVC. For deeper knowledge, get enrolled in our ASP.NET MVC Training.
Read More: MVC Interview Questions and Answers
What is Authorize attribute?
The 'Authorize' attribute in an ASP.NET application is a powerful tool that helps us to have full control over who can access the resources in our ASP.NET MVC application and who can not. If someone who is not authenticated for access and tries to access action or controller that are under Authorize attribute, will be redirected to either the login page or an appropriate access-denied page.
Authorize Attribute Properties:
Properties | Description |
Roles | Gets or sets the roles required to access the controller or action method. |
Users | Gets or sets the user names required to access the controller or action method. |
Read More: A Brief History of ASP.NET MVC Framework
Filtering Users by Users Property
Suppose you want to allow the access of AdminProfile to only shailendra and mohan users then you can specify the authorize users list to Users property as shown below.
[Authorize(Users = "shailendra,mohan")]
public ActionResult AdminProfile()
{
return View();
}
Filtering Users by Roles Property
Suppose you want to allow the access of AdminProfile action to only Admin and SubAdmin roles then you can specify the authorize roles list to Users property as shown below.
[Authorize(Roles = "Admin,SubAdmin")]
public ActionResult AdminProfile()
{
return View();
}
Summary
I hope you will enjoy the tips while programming with Asp.Net MVC. I would like to have feedback from my blog readers. Your valuable feedback, question, or comments about this article are always welcome. Increase your knowledge in ASP.NET MVC Core concepts with us by enrolling in ASP.NET MVC Certification Course right now!
FAQs
- Authentication and authorization mechanisms
- HTTPS encryption
- Sanitizing input data