Decorate your controllers/actions with the [Authorize]
attribute instead. Or if you want this to apply to all controllers add it as a global action filter:
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new AuthorizeAttribute());
}
Of course by doing this you might want to exclude your AccountController from authentication by decorating it with the [AllowAnonymous]
attribute:
Then in your web.config, set the loginUrl
page of your forms authentication tag to point to the login page where all anonymous users will be redirected to:
<authentication mode="Forms">
<forms loginUrl="~/home/login" />
</authentication>