Hanna

Reputation: 10753

Ensuring that only a particular user has access

If I want to protect an action from being accessed by everyone except one user, how do I do that?

So let's say a user has a product. When they go to the EditProduct action, how can I prevent anyone else from accessing it? In the past I always used User.Identity.Name and compared that to their username. But if someone logs in as username instead of UserName then the case breaks even though it's the same user.

Using .ToUpper() or something like this on every check seems very flimsy and inefficient.

Upvotes: 0

Views: 138

Answers (2)

Nick Bork

Reputation: 4841

String has a property for Equals:

User.Identity.Name.Equals("OtherName",StringComparison.CurrentCultureIgnoreCase)

Upvotes: 1

MattSavage

Reputation: 778

You can put an Authorize attribute above the action like this:

[Authorize(Users = "username")]

I'm not completely sure if it is case sensitive, but this is the best method for protecting actions and controllers. In addition, you can do the same with Roles:

[Authorize(Roles = "Administrator")]

Upvotes: 1
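The per-product ownership check the question asks about, as an added example that is not code from the question or either answer. It compares the logged-in name with the stored owner using an ordinal, case-insensitive comparison, so the result does not depend on the server's culture settings. The Product class, ProductAccess helper and sample data are assumptions made for illustration; in a controller, the User property is the principal that would be passed in.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Hypothetical product record; OwnerName is the login name stored when the product was created.
public sealed class Product
{
    public int Id { get; set; }
    public string OwnerName { get; set; }
}

public static class ProductAccess
{
    // Ordinal comparison ignores case without applying culture rules, so
    // "username" and "UserName" match regardless of the thread's culture.
    public static bool IsOwner(IPrincipal user, Product product)
    {
        if (user == null || product == null) return false;
        IIdentity id = user.Identity;
        if (id == null || !id.IsAuthenticated || string.IsNullOrEmpty(id.Name)) return false;
        return string.Equals(id.Name, product.OwnerName, StringComparison.OrdinalIgnoreCase);
    }

    // Decision an EditProduct action would turn into an HTTP status code.
    public static int AuthorizeEdit(IPrincipal user, IDictionary<int, Product> store, int productId)
    {
        Product p;
        if (!store.TryGetValue(productId, out p)) return 404; // no such product
        return IsOwner(user, p) ? 200 : 403;                  // deny anyone but the owner
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data: one product owned by "UserName".
        var store = new Dictionary<int, Product> { { 1, new Product { Id = 1, OwnerName = "UserName" } } };
        IPrincipal sameUser = new GenericPrincipal(new GenericIdentity("username"), new string[0]);
        IPrincipal other = new GenericPrincipal(new GenericIdentity("someoneelse"), new string[0]);
        IPrincipal anonymous = new GenericPrincipal(new GenericIdentity(""), new string[0]);

        Console.WriteLine(ProductAccess.AuthorizeEdit(sameUser, store, 1));  // owner, different casing
        Console.WriteLine(ProductAccess.AuthorizeEdit(other, store, 1));     // authenticated non-owner
        Console.WriteLine(ProductAccess.AuthorizeEdit(anonymous, store, 1)); // not authenticated
        Console.WriteLine(ProductAccess.AuthorizeEdit(sameUser, store, 2));  // unknown product id
    }
}
```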
