ASP.NET MVC 5: Custom AuthorizeAttribute for custom authentication

In my previous post, I wrote about how to protect your web app from human errors by enforcing authentication by default.

Since that process relies on global filters, you can use the same mechanism to add your own custom authentication by extending the AuthorizeAttribute.

ASP.NET MVC 5: Secure your web app

Securing your MVC app is one of the trickier parts of migrating, as an engineer, from classic ASP.NET to ASP.NET MVC.

By default, access is allowed to every controller and action of your web app, which is potentially unsafe. As an architect, I am sure you would like to enforce the security of your app and not rely on whether a developer will actually remember to add the [Authorize] attribute to a sensitive controller or action.