Authorization

ASP.NET MVC 5: “Authorization” by default for your web app

Securing your MVC app is a tricky business! Although security is a huge topic, one of the problems that you might encounter is that unauthenticated users are allowed by default to execute every action in your web app. That behaviour is potentially unsafe because you have to remember to decorate your actions with the authorize attribute, and humans are prone to errors!

This is why, in my opinion, authentication should be enforced by default, or differently [Authorize] attribute should be added behind the scenes to every action.

Read More »ASP.NET MVC 5: “Authorization” by default for your web app