- ASP.NET Web API Security Essentials
- Rajesh Gunasundaram
- 2021-07-30 10:15:54
Authorization inside a controller action
Sometimes the behavior needs to change, based on the principal, after the request has been processed. In such scenarios, we can implement authorization inside the controller action. For example, to manipulate the response based on the user's role, we can check the logged-in user's role through the ApiController.User property in the action method itself:
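    // Requires: using System.Net; using System.Net.Http;
    public HttpResponseMessage Get()
    {
        // Build the response first, then adjust it for the caller's role
        var response = Request.CreateResponse(HttpStatusCode.OK);
        if (!User.IsInRole("Admin"))
        {
            // manipulate the response to eliminate information that shouldn't be shared with non-admin users
        }
        return response;
    }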
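The same pattern with a concrete payload, as an added example that is not taken from the book: the `EmployeesController`, `Employee` and `EmployeeSummary` types and the sample records are hypothetical. Non-admin callers receive an allow-listed projection instead of the full object with fields blanked out, so a sensitive property added to the model later is not exposed by default.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http;

// Hypothetical full model: contains fields only admins may see.
public class Employee
{
    public int Id { get; set; }
    public string Name { get; set; }
    public string Department { get; set; }
    public decimal Salary { get; set; }     // sensitive
    public string NationalId { get; set; }  // sensitive
}

// Hypothetical reduced view returned to non-admin users.
public class EmployeeSummary
{
    public int Id { get; set; }
    public string Name { get; set; }
    public string Department { get; set; }
}

[Authorize] // unauthenticated callers are rejected before the action runs
public class EmployeesController : ApiController
{
    // Constructed sample data so the example is self-contained.
    private static readonly List<Employee> Employees = new List<Employee>
    {
        new Employee { Id = 1, Name = "Alice", Department = "Finance", Salary = 91000m, NationalId = "SAMPLE-0001" },
        new Employee { Id = 2, Name = "Bob", Department = "IT", Salary = 84000m, NationalId = "SAMPLE-0002" }
    };

    public HttpResponseMessage Get()
    {
        // Role check inside the action: both roles get 200, with different bodies.
        if (User.IsInRole("Admin"))
        {
            return Request.CreateResponse(HttpStatusCode.OK, Employees);
        }

        // Copy only the permitted fields; Salary and NationalId never leave the server.
        List<EmployeeSummary> summaries = Employees
            .Select(e => new EmployeeSummary { Id = e.Id, Name = e.Name, Department = e.Department })
            .ToList();
        return Request.CreateResponse(HttpStatusCode.OK, summaries);
    }
}
```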