Friday, March 30, 2012

Securing your ASP.NET MVC 4 App and the new AllowAnonymous Attribute

You cannot use routing or web.config files to secure your MVC application. The only supported way to secure your MVC application is to apply the Authorize attribute to each controller and use the new  AllowAnonymous attribute on the login and register actions.