Membership, authorization, security in MVC

• Sign in with the authorize feature

Authorize is the default authorization filter for ASP. NET MVC, which can be used to restrict user access to action methods.

• • Protection Controller Operation
    • 　　
  • Authorize features in Forms authentication and AccountController controller usage
    • The Internet Application template for ASP. NET MVC includes a basic accountcontroller that supports account management for ASP. NET Membership and OAuth authentication.

  • Windows Authentication in the Intranet application template

Using Windows authentication, you can handle registration and LOG on operations outside of a WEB application, which does not require accountcontroller and its associated models and views.

• • Security for the entire controller

From an anonymous shopping cart to an excessive settlement requiring registration, you can meet the requirements for authorization by adding the authorize feature on the controller Checkoutcontroller.

• • Secure your entire application with global authorization filters

• Require role members to use the Autorize attribute
  • Extending roles and Members
• External login via OAuth and OpenID
  • Registering an external login provider
  • Configure the Open provider
  • Configuring the OAuth Provider
  • Security for external logins

• Security vectors in WEB applications
  • Threats: Cross-site scripting
  • Threats: Cross-site request forgery
  • Threats: Cookie Theft
  • Threats: Repeating commits
  • Threats: Open redirection

• Appropriate error reporting and stack traces
  • 　　Using Configuration transformations
  • Using the Retail deployment configuration in a production environment
  • Using a dedicated error logging system

• Security Review and useful resources

Membership, authorization, security in MVC