I read a couple of articles mentioning that you're supposed to have all of your controllers derive from a parent class with the [Authorize]
attribute to not leave security holes in your site. (Example: article )
However, all controllers already derive from the parent Controller, which doesn't have the [Authorize] attribute. What is the best way to enforce this suggestion without having to add the attribute to every single controller?
for MVC3 (and possibly 2 I do not remember) you can use global hooks like:
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new HandleErrorAttribute());
}
protected void Application_Start()
{
RegisterGlobalFilters(GlobalFilters.Filters);
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.