How to use ASP.NET legacy membership provider in ASP.NET MVC 4 application

Question

I integrated a legacy ASP.NET 4 WebForms app with an ASP.NET MVC 4 app using VS2012 Update 4. The legacy app has security implemented via SQL Membership Provider. The legacy webForms pages are still secured in the newly integrated app, but the MVC views are not secured. For instance, a user cannot go to a .aspx page by directly using the page URL, say, http://myWebsite/SomeDir/Details.aspx but he/she can access a view, say, http://myWebsite/ControllerName/ActionMethod.

How can I secure the views using the same existing SQL Membership implementation that works on WebForms on this newly integrated web app.

Answer 1

You need to place [Authorize] attribute (either on the action method or controller) to protect it.