MVC Core How to force / set global authorization for all actions?

asp.net-core-mvc authorize-attribute asp.net-authorization
Lukasz Makowej picture Lukasz Makowej · Apr 4, 2016 · Viewed 17.3k times · Source

How to force / set global authorization for all actions in MVC Core ?

I know how to register global filters - for example I have:

Setup.cs

services.AddMvc(options =>
{
    options.Filters.Add(new RequireHttpsAttribute());
});

and this works fine, but I can't add the same for Authorize:

options.Filters.Add(new AuthorizeAttribute());

I have error:

Cannot convert from 'Microsoft.AspNet.Authorization.AuthorizeAttribute()' to 'System.Type'

(Method .Add() needs IFilterMetadata type)


I know - from similar questions - that this works on MVC4-5... So something must changed on MVC Core...

Someone have any idea?

Answer

blowdart picture blowdart · Apr 5, 2016 
services.AddMvc(config =>
{
    var policy = new AuthorizationPolicyBuilder()
                     .RequireAuthenticatedUser()
                     .Build();
    config.Filters.Add(new AuthorizeFilter(policy));
});

Related questions

ASP.NET Core Dependency Injection error: Unable to resolve service for type while attempting to activate

I created an .NET Core MVC application and use Dependency Injection and Repository Pattern to inject a repository to my controller. However, I am getting an error: InvalidOperationException: Unable to resolve service for type 'WebApplication1.Data.BloggerRepository' while attempting to …

Read More
Getting value from appsettings.json in .net core

Not sure what am I missing here but I am not able to get the values from my appsettings.json in my .net core application. I have my appsettings.json as: { "AppSettings": { "Version": "One" } } Startup: public class Startup { private IConfigurationRoot _…

Read More
How do you create a custom AuthorizeAttribute in ASP.NET Core?

I'm trying to make a custom authorization attribute in ASP.NET Core. In previous versions it was possible to override bool AuthorizeCore(HttpContextBase httpContext). But this no longer exists in AuthorizeAttribute. What is the current approach to make a custom …

Read More