You should use Authorize action filter:
[Authorize]
public ActionResult Index()
{
return RedirectToAction("Login", "Account");
}
You can also use it on controller level to make sure all action methods require authentication:
[Authorize]
public class HomeController : Controller
{
//many action methods
}
If you want to use authentication for every action method in the application, you can add it as a global filter in FilterConfig.cs:
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new AuthorizeAttribute());
}
If you do this, you have to use AllowAnonymous filter on login actions so the user can authenticate themselves.