Securing Asp.Net MVC Application by using Authorize Attribute

01 Apr 2024
Advanced

Securing ASP.NET MVC Application by using Authorize Attribute: An Overview

Authorization in ASP.NET MVC is the process of determining what rights an authenticated user has to access the application's resources. The ASP.NET MVC Framework provides an AuthorizeAttribute filter that restricts access to a resource to authorized users. Refer to this article for Custom Authentication and Authorization in ASP.NET MVC. In this tutorial, we'll learn more about the Authorize filter in ASP.NET MVC. For deeper knowledge, get enrolled in our ASP.NET MVC Training.

What is Authorize attribute?

The Authorize attribute in an ASP.NET application is a powerful tool that gives us full control over who can and who cannot access the resources in our ASP.NET MVC application. If someone who is not authenticated tries to access an action or controller that is protected by the Authorize attribute, they will be redirected to either the login page or an appropriate access-denied page.

Authorize Attribute Properties:

| Properties | Description |
|------------|-------------|
| Roles | Gets or sets the roles required to access the controller or action method. |
| Users | Gets or sets the user names required to access the controller or action method. |

Filtering Users by Users Property

Suppose you want to allow access to the AdminProfile action only for the users shailendra and mohan. You can then specify the list of authorized users in the Users property, as shown below.

// Only the users named "shailendra" or "mohan" may invoke this action.
[Authorize(Users = "shailendra,mohan")]
public ActionResult AdminProfile()
{
    return View();
}

Filtering Users by Roles Property

Suppose you want to allow access to the AdminProfile action only for the Admin and SubAdmin roles. You can then specify the list of authorized roles in the Roles property, as shown below.

// Only users in the Admin or SubAdmin role may invoke this action.
[Authorize(Roles = "Admin,SubAdmin")]
public ActionResult AdminProfile()
{
    return View();
}
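
The example below is added here and is not code from the original article. It assumes ASP.NET MVC 5 (System.Web.Mvc); AuthorizeOr403Attribute and AccountAdminController are hypothetical names. It shows how the Users and Roles lists combine, and how to answer a signed-in user who fails the check with 403 instead of the default 401 login challenge.

```csharp
using System.Net;
using System.Web.Mvc;

// Hypothetical attribute (not part of the framework): keeps the stock
// Users/Roles checks but answers an authenticated caller who fails them
// with 403 instead of the default 401 challenge that leads back to login.
public class AuthorizeOr403Attribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            // Signed in, but not in the required Users/Roles list.
            filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
        }
        else
        {
            // Anonymous caller: default behaviour (401, login challenge).
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}

// Hypothetical controller: every action requires a signed-in user by default.
[Authorize]
public class AccountAdminController : Controller
{
    // Explicit opt-out of the controller-level filter.
    [AllowAnonymous]
    public ActionResult Help() { return View(); }

    // Comma-separated list = OR: Admin or SubAdmin may enter.
    [AuthorizeOr403(Roles = "Admin,SubAdmin")]
    public ActionResult AdminProfile() { return View(); }

    // Stacked attributes = AND: the caller needs both roles.
    [AuthorizeOr403(Roles = "Admin")]
    [AuthorizeOr403(Roles = "SubAdmin")]
    public ActionResult Audit() { return View(); }

    // Users and Roles on one attribute = AND: the caller must be
    // shailendra or mohan, and must also hold the Admin role.
    [AuthorizeOr403(Users = "shailendra,mohan", Roles = "Admin")]
    public ActionResult Settings() { return View(); }
}
```

Putting [Authorize] on the controller and opting out with [AllowAnonymous] means a newly added action is protected unless someone deliberately exposes it.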

Summary

I hope you will enjoy the tips while programming with Asp.Net MVC. I would like to have feedback from my blog readers. Your valuable feedback, questions, or comments about this article are always welcome. Increase your knowledge of ASP.NET MVC Core concepts with us by enrolling in the ASP.NET MVC Certification Course right now!

FAQs

In MVC, the Authorize attribute is used to restrict access to actions and controllers so that only authenticated users can access them.

To make MVC application secure, you must use:
  • Authentication and authorization mechanisms
  • HTTPS encryption
  • Sanitizing input data

The Authorize attribute can only be applied to action methods present in the controller and to the controller itself.

In MVC, both authentication and authorization are meant to secure sensitive data by giving developers control over who can access it and who cannot.

The Authorize attribute helps restrict access to controllers and the actions in them, so as to make sure that only authenticated users can access them.
About Author
Shailendra Chauhan (Microsoft MVP, Founder & CEO at Scholarhat by DotNetTricks)
