asp.net mvc - How to secure JavaScript calls to WebAPI from an MVC app


I've designed an MVC view in an MVC4 website that allows members to update user details. This works OK using MVC, but if I create a partial view that allows users to update the address, for example, using AJAX, how can I apply a level of security to determine that user X can update user X's account, and not allow a user to log in as user X, spoof a POST, and update user Y's account?

Regardless of whether the controller is an MVC controller or a WebAPI controller, after the user authenticates and the principal is set in the current thread, you have to check that the user in the current context:

HttpContext.User

is the one the data being edited belongs to. The username is populated on

HttpContext.User.Identity.Name

If the username of the user being edited is different from the authenticated user, throw an InvalidOperationException.
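
The check described in the answer above, as an added example (not code from the original post). It is a console sketch in which a `GenericPrincipal` stands in for `HttpContext.User`; `OwnershipGuard`, `UpdateAddress`, the in-memory store and the case-insensitive username comparison are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

public static class OwnershipGuard
{
    // Throws unless the authenticated principal owns the record being edited.
    public static void EnsureOwner(IPrincipal user, string targetUserName)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            throw new InvalidOperationException("Request is not authenticated.");

        // Assumption: usernames are case-insensitive, as in the default membership providers.
        if (!string.Equals(user.Identity.Name, targetUserName,
                           StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("Cannot edit another user's account.");
    }
}

public static class Demo
{
    // Constructed in-memory store standing in for the member database.
    static readonly Dictionary<string, string> Addresses =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        { { "userx", "1 Old Road" }, { "usery", "2 Other Street" } };

    // Body of a hypothetical controller action; 'user' would be HttpContext.User there.
    static void UpdateAddress(IPrincipal user, string targetUserName, string address)
    {
        OwnershipGuard.EnsureOwner(user, targetUserName);
        Addresses[targetUserName] = address;
    }

    public static void Main()
    {
        IPrincipal userX = new GenericPrincipal(new GenericIdentity("userx"), new string[0]);

        UpdateAddress(userX, "userx", "3 New Lane");   // own account: allowed

        try
        {
            UpdateAddress(userX, "usery", "spoofed");  // posted body names another account
        }
        catch (InvalidOperationException ex) { Console.WriteLine("Rejected: " + ex.Message); }

        Console.WriteLine(Addresses["userx"] + " | " + Addresses["usery"]);
    }
}
```

The comparison uses the identity the server established at login, so changing the username field in the AJAX request body has no effect on which account the session is allowed to edit.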

