1.If you are trying to allow access only to authorized users, the management of unauthorized access to site functionalities should be done by using the
[Authorize]
attribute. So in all controllers' public actions that require authentication we must use this attribute, and in the controller class (or better in your base class for all controllers) you should manage the access like in the next code:
protected override void OnException(ExceptionContext filterContext)
{
if (filterContext.Exception is UnauthorizedAccessException)
{
filterContext.ExceptionHandled = true;
filterContext.Result = RedirectToAction("LogIn", "Account");
}
base.OnException(filterContext);
}
2.If you want to have control over the controller action before to execute the current action, you could do it by overriding the next controller members:
protected override bool DisableAsyncSupport
{
get { return true; }
}
protected override void ExecuteCore()
{
base.ExecuteCore();
}