O'Reilly logo

ASP.NET MVC 4 Mobile App Development by Andy Meadows

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Authorization

Authentication gives us a means to identify our users, but it is authorization that provides us a mechanism to enable or restrict the actions authenticated users may perform.

Restricting access

In ASP.NET MVC, access is restricted through the use of the Authorize attributes that may be placed on controllers or actions. If the Authorize attribute is at the controller level, anonymous users may be granted access to specific actions via the AllowAnonymous keyword.

The Authorize attribute

If you take a look at the AccountController class, you will see the class declared with the Authorize attribute. However, the Login action is decorated with the AllowAnonymous attribute:

[Authorize]
public class AccountController : Controller
{
 [AllowAnonymous] ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required