Securing MVC4 with the AuthorizeAttribute
Question
I've been learning about how to secure asp.net MVC4 applications but something confuses me concerning the use of the 的使用使我有些困惑
(One of the blogs that nicely explains securing MVC is this one )
To lock down all controllers by default, the is added to 被添加到
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new HandleErrorAttribute());
filters.Add(new System.Web.Mvc.AuthorizeAttribute());
}
But I'm also seeing examples where something similar is done in the global.asax file:
GlobalConfiguration.Configuration.Filters.Add(new System.Web.Http.AuthorizeAttribute());
I understand that the first statement is to lock down the MVC controllers and the second is to lock down the WebAPI controllers, but when is the second statement needed? If I'm not building WebApi controllers, is the second statement still necessary?
1 answers
solution1
1 ACCPTED 2013-10-31 09:12:12
I understand that the first statement is to lock down the MVC controllers and the second is to lock down the WebAPI controllers....If I'm not building WebApi controllers, is the second statement still necessary?
I think this is one of those questions were deep down you know the answer but want a definitive answer....so here it is - No.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.