Start Learning Free
Skill Test 
Previous Tutorial
29
AugSecuring Asp.Net MVC Application by using Authorize Attribute
02 Aug 2025
Advanced
169K Views
3 min read
Learn with an interactive course and practical hands-on labs
ASP.NET MVC with Web API Online Course - Learn & Certify
Securing ASP.NET MVC Application by using Authorize Attribute: An Overview
Authorization in ASP.NET MVC is the process of determining the rights of an authenticated user for accessing the application's resources. The Asp.Net MVC Framework has a AuthorizeAttribute filter for filtering the authorized user to access a resource. Refer this article for Custom Authentication and Authorization in ASP.NET MVC. In this tutorial, we'll know more about Authorize filter in ASP.NET MVC. For deeper knowledge, get enrolled in our ASP.NET MVC Training.
Read More: MVC Interview Questions and Answers
What is Authorize attribute?
The 'Authorize' attribute in an ASP.NET application is a powerful tool that helps us to have full control over who can access the resources in our ASP.NET MVC application and who can not. If someone who is not authenticated for access and tries to access action or controller that are under Authorize attribute, will be redirected to either the login page or an appropriate access-denied page.
Authorize Attribute Properties:
| Properties | Description |
| Roles | Gets or sets the roles required to access the controller or action method. |
| Users | Gets or sets the user names required to access the controller or action method. |
Read More: A Brief History of ASP.NET MVC Framework
Filtering Users by Users Property
Suppose you want to allow the access of AdminProfile to only shailendra and mohan users then you can specify the authorize users list to Users property as shown below.
[Authorize(Users = "shailendra,mohan")]
public ActionResult AdminProfile()
{
return View();
}
Filtering Users by Roles Property
Suppose you want to allow the access of AdminProfile action to only Admin and SubAdmin roles then you can specify the authorize roles list to Users property as shown below.
[Authorize(Roles = "Admin,SubAdmin")]
public ActionResult AdminProfile()
{
return View();
}
Summary
I hope you will enjoy the tips while programming with Asp.Net MVC. I would like to have feedback from my blog readers. Your valuable feedback, question, or comments about this article are always welcome. Increase your knowledge in ASP.NET MVC Core concepts with us by enrolling in ASP.NET MVC Certification Course right now!
FAQs
In MVC, the Authorize attribute is used for restricting access on the actions and controllers so that only users that are authenticated can access it.
To make MVC application secure, you must use:
- Authentication and authorization mechanisms
- HTTPS encryption
- Sanitizing input data
The Authorize attribute can only be applied to action methods present in the controller and to the controller itself.
In MVC, both authentication and authorization are meant to secure the sensitive data by giving their developers control to set who can access it and who can not.
The Authorize attribute helps in restricting access over the controllers and actions present in it so as to make sure that only authenticated users can access them.
Unlimited live sessions
Quick notes
Hands-on labs
Real-world projects
Interview prep