Question

I've been using Authorize to verify that the user has logged in, but I was told in a previous post that it was used to make sure their role has access to that method.

Does that mean I should be using something else to allow/disallow access to a web page or is using Authorize the right way?

I have a handful of pages that I want to prevent users who are not logged in from getting to.

What is the right way of checking this, and can it be done at class level?

Thanks!


Solution

Authorization and authentication are two different things. It sounds like you are trying to use the AuthorizeAttribute to authenticate, which should actually be happening via your membership provider.

So, in short, authentication is a way for you to identify who your users are, and authorization is how you identify what access a user has, identified or not.

One thing to mention from the docs on AuthorizeAttribute:

"When you mark an action method with AuthorizeAttribute, access to that action method is restricted to users who are both authenticated and authorized. If you mark a controller with the attribute, all action methods in the controller are restricted."

So it isn't performing the authentication for you, but checking it.
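To make the split concrete, here is an added ASP.NET MVC example (not code from the question or the answer above): a controller marked with [Authorize] at class level, a login action that does the actual authentication through the membership provider and forms authentication, and one action that narrows authorization to a role. It assumes ASP.NET MVC 4 or later (for [AllowAnonymous]), forms authentication enabled in web.config, and configured membership and role providers; the controller, action and role names are made up for illustration.

```csharp
using System.Web.Mvc;
using System.Web.Security;

// Class-level [Authorize]: every action in this controller is restricted to
// authenticated users unless an action opts out with [AllowAnonymous].
// The attribute only checks the current principal; it never logs anyone in.
[Authorize]
public class AccountController : Controller
{
    // The login page itself must be reachable anonymously,
    // otherwise nobody could ever become authenticated.
    [AllowAnonymous]
    public ActionResult Login()
    {
        return View();
    }

    [AllowAnonymous]
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Login(string username, string password, string returnUrl)
    {
        // Authentication: the membership provider decides who the user is.
        if (Membership.ValidateUser(username, password))
        {
            // Issue the forms-authentication cookie (non-persistent). From now
            // on Request.IsAuthenticated is true and [Authorize] lets the user in.
            FormsAuthentication.SetAuthCookie(username, false);

            // Only follow local return URLs to avoid an open redirect.
            if (Url.IsLocalUrl(returnUrl))
            {
                return Redirect(returnUrl);
            }
            return RedirectToAction("Index", "Home");
        }

        // Same generic message for unknown user and wrong password.
        ModelState.AddModelError("", "Invalid username or password.");
        return View();
    }

    // Inherits the class-level [Authorize]: any authenticated user may see this.
    public ActionResult Profile()
    {
        return View();
    }

    // Authorization narrowed further: authenticated AND in the "Admin" role
    // (role membership comes from the configured role provider).
    [Authorize(Roles = "Admin")]
    public ActionResult ManageUsers()
    {
        return View();
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult LogOff()
    {
        // Ends the authenticated session; subsequent requests fail [Authorize].
        FormsAuthentication.SignOut();
        return RedirectToAction("Login");
    }
}
```

When an unauthenticated request hits Profile or ManageUsers, AuthorizeAttribute returns a 401, which forms authentication turns into a redirect to the configured login page with the original URL in returnUrl; an authenticated user who is not in the Admin role is likewise refused by ManageUsers. Note that the role check is only as trustworthy as the role provider behind it, so it is worth verifying in a test that a freshly created non-admin account really is refused.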

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow