stackoom
  简体   繁体   中英

Secure ASP.NET MVC 3 site

 原文  2011-07-21 11:57:40       c#/ .net/ security/ asp.net-mvc-3

Question

I read a couple of articles mentioning that you're supposed to have all of your controllers derive from a parent class with the [Authorize] attribute to not leave security holes in your site. (Example: article )

However, all controllers already derive from the parent Controller, which doesn't have the [Authorize] attribute. What is the best way to enforce this suggestion without having to add the attribute to every single controller?

1 answers

solution1
 2 ACCPTED  2011-07-21 12:01:33

for MVC3 (and possibly 2 I do not remember) you can use global hooks like:

public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
    filters.Add(new HandleErrorAttribute());
}

protected void Application_Start()
{
    RegisterGlobalFilters(GlobalFilters.Filters);
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Secure login method in ASP.NET MVC secure upload with uploadify and asp.net mvc 2 Creating a customBaseController for an ASP.Net MVC site? Collecting Stats on an asp.net mvc site? Hosting an ASP.NET MVC site in a webhotel ASP.NET MVC3 Intranet Site Asp.Net MVC site not showing in iFrame ASP.NET MVC - Organizing Site / URLs calling modal window from asp.net secure site links HTTPS secure connection configuration for asp.net web site
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM