asp.net mvc - How to secure JavaScript calls to Web API from an MVC app
I've designed an MVC view in an MVC4 website that allows members to update their user details. This works OK using MVC, but what if I create a partial view that allows users to update their address, for example, using AJAX? How can I apply a level of security to determine that user X can only update user X's account, and not allow a user to log in as user X, spoof a POST, and update user Y's account?
Regardless of whether the controller is an MVC controller or a Web API controller, after the user authenticates and the principal is set in the current thread, you have to check that the user in the current context:
HttpContext.User
is the one the data being edited belongs to. The username is populated on
HttpContext.User.Identity.Name
If the username of the user being edited is different from the authenticated user, throw an InvalidOperationException.
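The ownership check described in the answer, as an added example that is not part of the original post: an MVC controller action receiving the AJAX address update. `AddressModel`, `Account`, `IAccountRepository` and the `UpdateAddress` action are hypothetical names, and the repository is assumed to be supplied by a dependency resolver.

```csharp
using System;
using System.Web.Mvc;

// Hypothetical types, invented for this example.
public class AddressModel
{
    public int AccountId { get; set; }
    public string Street { get; set; }
}

public class Account
{
    public int Id { get; set; }
    public string UserName { get; set; }
    public string Street { get; set; }
}

public interface IAccountRepository
{
    Account FindById(int id);
    void Save(Account account);
}

[Authorize] // unauthenticated requests never reach the actions
public class AccountController : Controller
{
    private readonly IAccountRepository _accounts;

    public AccountController(IAccountRepository accounts) { _accounts = accounts; }

    [HttpPost]
    public ActionResult UpdateAddress(AddressModel model)
    {
        // The id comes from the AJAX POST body and is untrusted; load the record server-side.
        Account account = _accounts.FindById(model.AccountId);
        if (account == null) return HttpNotFound();

        // Identity established at login, not anything the client sent.
        string caller = HttpContext.User.Identity.Name;
        // Assumes the user store treats names as case-insensitive.
        if (!string.Equals(account.UserName, caller, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("Account does not belong to the authenticated user.");

        account.Street = model.Street;
        _accounts.Save(account);
        return Json(new { ok = true });
    }
}
```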