What is the best way to secure requests?
Let's say there is an API on the site, and these requests change data in the database. How can I make it so that only a user can use a certain category of requests, and an administrator can use another category? Right now I just check the value in the session, and the handlers in the scripts do not execute the request if there is no user/admin in the session. Is this right?
Authentication, and refining the logic depending on which group the user belongs to.
Something like this:
if (User.IsAuthenticated && RoleProvider.IsUserInGroup("ADMIN")) {
    // your code
}
else {
    // access denied
}
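The same check applied to every handler in one place, as an added example that is not part of the original answer. The session store, route paths and function names are assumptions made for illustration; roles are read only from the server-side session, and any path that is not registered is refused.

```python
from functools import wraps

# Constructed server-side session store: session id -> record held by the server.
SESSIONS = {
    "sid-alice": {"user": "alice", "roles": {"USER"}},
    "sid-root": {"user": "root", "roles": {"USER", "ADMIN"}},
}

ROUTES = {}  # path -> guarded handler; nothing else is reachable


def require_role(path, role):
    """Register a handler for `path` that runs only for sessions holding `role`."""
    def decorator(handler):
        @wraps(handler)
        def guarded(request):
            # Roles come from the server-side session, never from request fields.
            session = SESSIONS.get(request.get("session_id"))
            if session is None:
                return 401, "not authenticated"
            if role not in session["roles"]:
                return 403, "access denied"
            return handler(request, session)
        ROUTES[path] = guarded
        return guarded
    return decorator


@require_role("/api/profile/update", "USER")
def update_profile(request, session):
    # Act on the session's own user, not on a user id supplied by the client.
    return 200, f"profile of {session['user']} updated"


@require_role("/api/users/delete", "ADMIN")
def delete_user(request, session):
    return 200, f"{session['user']} deleted {request['target']}"


def dispatch(path, request):
    """Deny by default: unknown paths never reach any handler."""
    handler = ROUTES.get(path)
    if handler is None:
        return 404, "no such endpoint"
    return handler(request)
```

Registering the guard together with the route means a new handler cannot be exposed without a role decision being made for it.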