开发者

Secure ASP.NET MVC 3 site

问答 作者:

I read a couple of articles mentioning that you're supposed to have all of your controllers derive from a parent class with the [Authorize] attribute to not leave security holes in your site. (Example: article)

However, all controllers already derive from the parent Controller, which doesn't have the [Authorize] attribute. What is the best way to enforce this suggestion without having to add the attr开发者_开发问答ibute to every single controller?

for MVC3 (and possibly 2 I do not remember) you can use global hooks like:

public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
    filters.Add(new HandleErrorAttribute());
}

protected void Application_Start()
{
    RegisterGlobalFilters(GlobalFilters.Filters);
}

继续阅读:.netasp.net-mvc-3security

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9