"ASP.NET MVC 3 introduced global filters, which allows you to add the AuthorizeAttribute filter to the global.asax file to protect every action method of every controller. (In MVC versions prior to MVC 3, it was difficult to enforce the AuthorizeAttribute attribute be applied to all methods except login/register. See my previous blog on security for details.) The code below shows how to add the AuthorizeAttribute filter globally."
" Great code has many attributes. It's effective, efficient, maintainable, elegant. When working on code with many developers and teams and maybe even companies, great code needs to also be consistent and easy to understand. For that purpose there are style guides. We use style guides for a lot of languages, and our newest public style guide is the Google HTML and CSS Style Guide."
"Many people on the forums want to know how to best protect Actions on their Controller using Forms Authentication. The MVC Team has done a nice job introducing Filters (using Attributes) to this latest drop of MVC, and in this post I'll show you how to create a filter that can handle security."
"Learn how to use the [Authorize] attribute to password protect particular pages in your MVC application. You learn how to use the Web Site Administration Tool to create and manage users and roles. You also learn how to configure where user account and role information is stored."
"You cannot use routing or web.config files to secure your MVC application. The only supported way to secure your MVC application is to use a base class with an [Authorize] attribute, and then have each controller type subclass that base type. "
" Naked Objects takes a domain object model, written as POCOs but following a few very simple conventions, and dynamically creates one or more complete user interfaces for it, using reflection (not 'code generation' or 'scaffolding'). It is highly effective in support of Domain-Driven Design, OO Modelling, and/or Agile Development.
Naked Objects MVC builds upon the core framework to create a complete web-based user interface, using ASP.NET MVC 3. The generic user interface may be customised via the .CSS, by adding custom views, or custom controllers, as needed.
Entity Framework is used to persist objects on a database. Security may be handled simply via Forms Authentication and attribute-based authorisation, or more comprehensively via Microsoft WIF and an STS."