Asp.Net MVC4 AllowAnonymous<!-- --> | <!-- -->Patrick Desjardins Blog
Patrick Desjardins Blog
Patrick Desjardins picture from a conference

Asp.Net MVC4 AllowAnonymous

Posted on: October 17, 2012

In Asp.Net MVC3 and before, if we wanted to make my default all action of controller to be secured we had to create a AllowAnonymous filter and to add a global filter which was requiring a valid authentification before accessing the action.

With Asp.Net MVC 4, it's built in. You need to go inside the AppStart folder which contain the FilterConfig.cs file. Inside the FilterConfig.cs you will found what was inside the Global.Asax.cs : the static method _RegisterGlobalFilters.

You need to add to this method the new folder called "AuthorizeAttribute".

1public class FilterConfig {
2 public static void RegisterGlobalFilters(GlobalFilterCollection filters) {
3 filters.Add(new HandleErrorAttribute());
4 filters.Add(new AuthorizeAttribute());
5 }

By now, all action require a valid authentification. If you want to allow anonymous person to see the action, you need to add the AllowAuthorize attribute to the action. In fact, it's already been setup for the login and register method of the AccountController.cs.

2public ActionResult Login(string returnUrl) {
3 ViewBag.ReturnUrl = returnUrl;
4 return View();
8public ActionResult Register() {
9 return View();

That's it. Pretty simple and more secure!