Authorize and AllowAnanymous Attributes in ASP.NET MVC 5
Example Code: https://drive.google.com/file/d/1vU4wNkp35Co8amL-_ZY6Z7HbVs2uj1yK/view?usp=sharing
[Authorize] Attribute
Authorize Attribute is built in attribute when applied on action or controller you can access that controller or action only after login.
[AllowAnanymous] Attribute
When you apply AllowAnanymous Attribute on any action and controller the action can be called without login even though controller is Authorized it can not be called without login.
But these two attributes will work with ASP.NET Identity Framework/ API
What is ASP.NET Identity?
ASP.NET Identity is the membership system for authentication and authorization of the users by building an ASP.NET application. ASP.NET identity provides you all the functionalities to manage users. It provides you complete set of functionalities to register, login , change password etc.
It provides you required controllers, models as well as views. It also has built in entity model which will generate database to manage the users.
- Create ASP.NET MVC 5 project using previous steps.
- While creating the project please click on change button under authentication and select individual user accounts it will create controller called AccountsController and ManageController with all models, views, view models with IdentityDbContext with tables to store, manage the user information.
- Create Test Controller with actions like Index, About, Services and Contact as follows and try to access them.
[Authorize]
public class TestController : Controller
{
// GET: Test
public ActionResult Index()
{
return View();
}
public ActionResult About()
{
return View();
}
[AllowAnonymous]
public ActionResult Services()
{
return View();
}
public ActionResult Contact()
{
return View();
}
}