Implementing this logic is pretty easy. All we need to do is to add an [Authorize] filter attribute to our Create action methods like so:
[Authorize]
public ActionResult Create() {
...
}
[AcceptVerbs(HttpVerbs.Post), Authorize]
public ActionResult Create(Dinner dinnerToCreate) {
...
}
The [Authorize] filter optionally supports the ability to specify a "Users" or "Roles" property that can be used to require that the user is both logged in and within a list of allowed users or a member of an allowed security role. For example, the code below only allows two specific users, "scottgu" and "billg", to access the /Dinners/Create URL:
[Authorize(Users="scottgu,billg")]
public ActionResult Create() {
...
}
We could then update the code to only allow users within a specific "admin" role:
[Authorize(Roles="admin")]
public ActionResult Create() {
...
}
Get more details from the following links:
Custom-Authentication-and-Authorization-in-ASP.NET-MVC.html
Authentication role basis
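Because [Authorize] has to be repeated on every overload of an action (the GET and the POST Create above), a reflection check can confirm none was missed. This is an added example, not code from the original post: SampleDinnersController and AuthorizeAudit are hypothetical names, the controller is a constructed sample, and the project is assumed to reference System.Web.Mvc.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

// Constructed sample controller (hypothetical): the GET Create is protected as on
// the page, the POST overload is left without [Authorize] so the audit has a finding.
public class SampleDinnersController : Controller
{
    public ActionResult Index() { return new EmptyResult(); }

    [Authorize(Roles = "admin")]
    public ActionResult Create() { return new EmptyResult(); }

    [AcceptVerbs(HttpVerbs.Post)]
    public ActionResult Create(string title) { return new EmptyResult(); }
}

public static class AuthorizeAudit
{
    // Lists each public action called actionName that carries no [Authorize],
    // either on the method itself or on the controller class.
    public static List<string> FindUnprotected(Type controller, string actionName)
    {
        bool classLevel = controller.IsDefined(typeof(AuthorizeAttribute), true);
        return controller
            .GetMethods(BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly)
            .Where(m => typeof(ActionResult).IsAssignableFrom(m.ReturnType))
            .Where(m => !m.IsDefined(typeof(NonActionAttribute), true))
            .Where(m => m.Name == actionName)
            .Where(m => !classLevel && !m.IsDefined(typeof(AuthorizeAttribute), true))
            .Select(m => m.Name + "(" + string.Join(", ",
                m.GetParameters().Select(p => p.ParameterType.Name).ToArray()) + ")")
            .ToList();
    }

    public static void Main()
    {
        // Report every Create overload that an anonymous user could still reach.
        foreach (string action in FindUnprotected(typeof(SampleDinnersController), "Create"))
            Console.WriteLine("Missing [Authorize]: " + action);
    }
}
```

The same call can sit in a unit test that fails when the returned list is not empty.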