c# - Secure ASP.NET MVC 3 site -


i read couple of articles mentioning you're supposed have of controllers derive parent class [authorize] attribute not leave security holes in site. (example: article)

however, controllers derive parent controller, doesn't have [authorize] attribute. best way enforce suggestion without having add attribute every single controller?

for mvc3 (and possibly 2 not remember) can use global hooks like:

public static void registerglobalfilters(globalfiltercollection filters) {     filters.add(new handleerrorattribute()); }  protected void application_start() {     registerglobalfilters(globalfilters.filters); } 

Comments

Popular posts from this blog

javascript - Iterate over array and calculate average values of array-parts -

iphone - Using nested NSDictionary with Picker -

objective c - Newbie question -multiple parameters -