- ASP.NET Web API Security Essentials
- Rajesh Gunasundaram
- 88字
- 2021-07-30 10:15:54
Authorization inside a controller action
Sometimes, it may be required to change the behavior after processing the request based on the principal. In such scenarios, we can implement authorization in a controller action. For example, if you would like to manipulate the response based on the user's role, we can verify the logged-in user role from the ApiController.User property in the action method itself:
public HttpResponseMessage Get()
{
if (!User.IsInRole("Admin"))
{
// manipulate the response to eliminate information that shouldn't be shared with non admin users
}
}
推薦閱讀
- Learning Scala Programming
- C語言程序設計案例教程(第2版)
- C語言程序設計(第3版)
- Mastering phpMyAdmin 3.4 for Effective MySQL Management
- Raspberry Pi Networking Cookbook(Second Edition)
- 基于免疫進化的算法及應用研究
- 網店設計看這本就夠了
- jQuery開發基礎教程
- Unity Game Development Scripting
- PySpark Cookbook
- C++寶典
- 計算機應用基礎(Windows 7+Office 2010)
- React.js實戰
- 趣味掌控板編程
- Learning Node.js for Mobile Application Development