ASPHostPortal is a premiere web hosting company that specialized in Windows and ASP.NET-based hosting. Today, we are proud to introduce our new Microsoft product, ASP.NET 4.5 Hosting to all our new and existing customer. For more information about this new product, please visit ASPHostPortal official website at http://www.asphostportal.com.

As a response to today's technology development, ASPHostPortal.com provides customers with the option of the ASP.NET 4.5 hosting service. This newest version of .NET framework wills able users to manage and design web application faster. There are various features added such as, Page Meta Keyword and Description that will be very helpful for deploying SEO, AJAX, Visual Studio 2010 Support, IIS7 URL Rewrite, New ListView and DataPager Controls and WCF Support for RSS, JSON, POX and Partial Trust.

"This release is exciting as not only does it open the door for developers to stay ahead of the curve; it shows once again how ASPHostPortal.com is committed to being an industry leader,” said ASPHostPortal CEO, Robert Kruger. "You can get this new features on our shared hosting and also our reseller hosting."

“I’m very excited to see the latest Microsoft .NET Framework implemented on our infrastructure and to give our customers the opportunity to learn and experiment with the new features on our hosting environment." said Dean Thomas, General Manager of ASPHostPortal.com.

As a leading small to mid-sized business web hosting provider, we strive to offer the most technologically advanced hosting solutions available to our customers across the world. Security, reliability, and performance are at the core of our hosting operations to ensure each site and/or application hosted on our servers is highly secured and performs at optimum level.

For more details about this product, please visit http://asphostportal.com/Cheap-ASPNET-45-Hosting.aspx.

In this article, I will discuss one new features in ASP.NET MVC 4, AllowAnonymous Attribute. This feature helps you secure an entire ASP.NET MVC 4 Website or Controller while providing a convenient means of allowing anonymous users access to certain controller actions, like the login and register Actions. If you look at the AccountController in a default ASP.NET MVC 4 Internet Project you will see AllowAnonymous Attributes sprinkled throughout various login and register controller actions for this very reason.

AllowAnonymous Attribute in ASP.NET MVC 4

As mentioned, if you create a new ASP.NET MVC 4 Internet Project in Visual Studio 2010 or Visual Studio 11 and view the AccountController you will notice the generous use of the AllowAnonymous Attribute on various login and register controller actions. Here are a few of those controller actions.

[Authorize]
public class AccountController : Controller {
  [AllowAnonymous]
  public ActionResult Login() {
    // ...
  }

  [AllowAnonymous]
  [HttpPost]
  public JsonResult JsonLogin(LoginModel model, string returnUrl) {
    // ...
  }

  [AllowAnonymous]
  [HttpPost]
  public ActionResult Login(LoginModel model, string returnUrl) {
    // ...
  }

  [AllowAnonymous]
  public ActionResult Register() {
    // ...
  }

  [AllowAnonymous]
  [HttpPost]
  public ActionResult JsonRegister(RegisterModel model) {
    // ...
  }

  [AllowAnonymous]
  [HttpPost]
  public ActionResult Register(RegisterModel model) {
    // ...
  }
}

The idea is pretty simple. The Authorize Attribute on the AccountController in this ASP.NET MVC 4 Application denies anonymous access to every controller action. However, we need to allow anonymous access to the login and register controller actions so we decorate them with the AllowAnonymous Attribute which negates the Authorize Attribute and allows anonymous access.

Securing Entire ASP.NET MVC 4 Website with Global Filters

RegisterGlobalFilters(GlobalFilterCollection filters) {
  filters.Add(new HandleErrorAttribute());
  filters.Add(new System.Web.Mvc.AuthorizeAttribute());
}

You need to specify System.Web.Mvc with the Authorize Attribute because you will find an AuthorizeAttribute in System.Web.Http, too. This now secures every controller action in the entire ASP.NET MVC 4 Website except for those that use the AllowAnonymous Attribute.

Authorize Attribute and OnAuthorization Method

I was curious as to how the AllowAnonymous Attribute in ASP.NET MVC 4 was able to bypass the
Authorize Attribute, and the answer is in the Authorize Attribute's OnAuthorization Method. The OnAuthorization Method of the Authorize Attribute looks for an AllowAnonymous Attribute on the action or the controller and bypasses authorization if this is the case.

Here is a snippet of the OnAuthorization Method:

if (!filterContext.ActionDescriptor.IsDefined
    (typeof(AllowAnonymousAttribute), inherit) &&
  !filterContext.ActionDescriptor.ControllerDescriptor.IsDefined
    (typeof(AllowAnonymousAttribute), true)) {
      // Check for authorization
}

Essentially skip authorization if you find an AllowAnonymous Attribute on the action or controller.

Find ASP.NET MVC 4 hosting with ASPHostPortal.com. Starts from ONLY $2.00/month.