Or “Where did RegisterGlobalFilters go”.
You might have read Securing your ASP.NET MVC 4 App and the new AllowAnonymous Attribute or similar posts about adding a global
[Authorize] attribute to your MVC project and then whitelist specific routes such as login pages. The code for this would look like this:
And a whitelisted action would be decorated like this:
This is something that you should still do if your application is more private than public, it’s just handled a bit differently in MVC6. You might have already figured that out by the
System.Web.Mvc.AuthorizeAttribute line, since we don’t want to use
In MVC6 you would instead use a AuthorizationPolicy and apply it globaly. This is something that should be configured in your
ConfigureServices method, it would look something like this, depending on your specific needs.
You could then use the
[AllowAnonymous] attribute on your actions/controllers as in mvc5