29
SepSecuring Asp.Net MVC Application by using Authorize Attribute
Authorization is the process of determining the rights of an authenticated user for accessing the application's resources. The Asp.Net MVC Framework has a AuthorizeAttribute filter for filtering the authorized user to access a resource. Refer this article for Custom Authentication and Authorization in ASP.NET MVC
Filtering Users by Users Property
Suppose you want to allow the access of AdminProfile to only shailendra and mohan users then you can specify the authorize users list to Users property as shown below.
[Authorize(Users = "shailendra,mohan")] public ActionResult AdminProfile() { return View(); }
Filtering Users by Roles Property
Suppose you want to allow the access of AdminProfile action to only Admin and SubAdmin roles then you can specify the authorize roles list to Users property as shown below.
[Authorize(Roles = "Admin,SubAdmin")] public ActionResult AdminProfile() { return View(); }
What do you think?
I hope you will enjoy the tips while programming with Asp.Net MVC. I would like to have feedback from my blog readers. Your valuable feedback, question, or comments about this article are always welcome.
Take our free skill tests to evaluate your skill!

In less than 5 minutes, with our skill test, you can identify your knowledge gaps and strengths.