- ASP.NET Web API Security Essentials
- Rajesh Gunasundaram
- 88字
- 2021-07-30 10:15:54
Authorization inside a controller action
Sometimes, it may be required to change the behavior after processing the request based on the principal. In such scenarios, we can implement authorization in a controller action. For example, if you would like to manipulate the response based on the user's role, we can verify the logged-in user role from the ApiController.User property in the action method itself:
public HttpResponseMessage Get()
{
if (!User.IsInRole("Admin"))
{
// manipulate the response to eliminate information that shouldn't be shared with non admin users
}
}
推薦閱讀
- 基于粒計(jì)算模型的圖像處理
- Node.js+Webpack開(kāi)發(fā)實(shí)戰(zhàn)
- Kubernetes實(shí)戰(zhàn)
- Windows Server 2012 Unified Remote Access Planning and Deployment
- Full-Stack Vue.js 2 and Laravel 5
- Building Android UIs with Custom Views
- Android傳感器開(kāi)發(fā)與智能設(shè)備案例實(shí)戰(zhàn)
- Java EE Web應(yīng)用開(kāi)發(fā)基礎(chǔ)
- Android移動(dòng)應(yīng)用項(xiàng)目化教程
- Python預(yù)測(cè)分析與機(jī)器學(xué)習(xí)
- Three.js權(quán)威指南:在網(wǎng)頁(yè)上創(chuàng)建3D圖形和動(dòng)畫的方法與實(shí)踐(原書第4版)
- Python高性能編程(第2版)
- 多接入邊緣計(jì)算實(shí)戰(zhàn)
- Python自動(dòng)化開(kāi)發(fā)實(shí)戰(zhàn)
- Drupal 8 Module Development