I need to deny all access to any controller if they do not login.

Question

0

Asked: May 17, 20262026-05-17T02:05:45+00:00 2026-05-17T02:05:45+00:00

I need to deny all access to any controller if they do not login.

0

I need to deny all access to any controller if they do not login.
I do not want to do this for each entry:

[Authorize]
public ActionResult AnyMethod() {
...
}

I try something like that but this was denied access to everything (css, js, …).

<authorization>
     <deny users="?"/>
</authorization>

In the Web.config I have only this code:

<authentication mode="Forms">
   <forms loginUrl="Account/Login"></forms>
</authentication>

Thank you

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-17T02:05:46+00:00

You can put the Authorize attribute on the controller instead — it can be applied to both methods and classes. This will save you a lot of work and still give your users access to your static content (that isn’t protected via the web.config).

 [Authorize]
 public class AdminController : Controller
 {
     ...
     public ActionResult SetPassword( UserPasswordModel model )
     {
         ...
     }
     ...
 }

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I need to deny all access to any controller if they do not login.

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply