If you have worked with ASP.NET MVC before, you may already be familiar with authorization. The [Authorize] and [AllowAnonymous] attributes are the framework's built-in authorization components. At the simplest level, applying the [Authorize] attribute to a Controller or action restricts access to that Controller or action to authenticated users only. If you apply the [Authorize] attribute to a Controller, it applies to all of its actions:
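[Authorize]
public class AccountController : Controller
{
    // Inherits [Authorize] from the controller: authenticated users only
    public ActionResult Login()
    {
        return View();
    }

    // Also inherits [Authorize] from the controller
    public ActionResult Logout()
    {
        return View();
    }
}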
In the preceding code, the Login action is also restricted to authenticated users. This doesn't make sense as I want to log in when I am not logged in, ...
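Because a controller-level [Authorize] silently covers every action, it helps to list what each action actually resolves to. The following is an added example, not code from the original text: a reflection audit that reports each action as anonymous or authenticated. The names AuthorizationAudit and StatusController and the stand-in attribute and base types are assumptions made so it compiles on its own, and it does not see filters registered globally.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;

// Constructed stand-ins so the example compiles without a web framework reference.
// In a real project, delete these four types and audit the application's assembly.
public class AuthorizeAttribute : Attribute { }
public class AllowAnonymousAttribute : Attribute { }
public abstract class Controller { }
public class ActionResult { }

[Authorize]
public class AccountController : Controller
{
    [AllowAnonymous] public ActionResult Login() => new ActionResult();
    public ActionResult Logout() => new ActionResult();
}

public class StatusController : Controller   // hypothetical: no [Authorize] at all
{
    public ActionResult Index() => new ActionResult();
}

public static class AuthorizationAudit
{
    // Matches by attribute type name, including attributes inherited from base types.
    static bool Has(MemberInfo m, string name) =>
        m.GetCustomAttributes(true).Any(a => a.GetType().Name == name);

    // Yields "Controller.Action => anonymous|authenticated" for each public action.
    public static IEnumerable<string> Run(Assembly asm)
    {
        foreach (var c in asm.GetTypes()
                     .Where(t => !t.IsAbstract && typeof(Controller).IsAssignableFrom(t)))
        foreach (var a in c.GetMethods(BindingFlags.Public | BindingFlags.Instance |
                                       BindingFlags.DeclaredOnly)
                     .Where(m => !m.IsSpecialName))
        {
            // [AllowAnonymous] wins; otherwise [Authorize] on action or controller applies.
            bool open = Has(a, "AllowAnonymousAttribute") || Has(c, "AllowAnonymousAttribute")
                        || !(Has(a, "AuthorizeAttribute") || Has(c, "AuthorizeAttribute"));
            yield return $"{c.Name}.{a.Name} => {(open ? "anonymous" : "authenticated")}";
        }
    }

    public static void Main()
    {
        foreach (var line in Run(Assembly.GetExecutingAssembly())) Console.WriteLine(line);
    }
}
```

Run in a test or CI step, the report makes both mistakes visible: a login action locked behind authentication, and a controller that was never given [Authorize].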