Customizing authentication in MVC
If you want to develop a web application which requires authentication or security features not included in the regular ASP.NET membership feature, you might decide to implement these features yourself. But it seems as if the first instinct of many ASP.NET MVC developers is to do this by customizing their Controllers, but I will share you a better way that uses an attribute for that. We can inherit a System.Web.Mvc.AuthorizeAttribute for do that. You can specifies that access to a controller or action method is restricted to users who meet the authorization requirement.