puko

Reputation: 2970

Roles in REST service

I'm developing a REST service that multiple kinds of users have access to, such as a standard user, an insurance company, a doctor, etc. Each of these "users" has a separate table in the DB. After one of these users signs up, a token is generated and saved in the appropriate table. Now when one of these users sends a request, e.g. a doctor to /api/Doctor/Getpatients, I check if the token is valid and send a response. My problem is that when e.g. an insurance company sends a request to the same URL as the doctor, like /api/Doctor/Getpatients, with a valid token, I send a response too, which is bad. I need some "role management" which would ensure that when e.g. an insurance company sends a request to the doctor's controller, the response is unauthorized. Is there any good practice for how I can do that?

Any help would be appreciated.

Upvotes: 0

Views: 301

Answers (1)

Priyank Sheth

Reputation: 2362

You should use the Authorize attribute to prevent this, where you can provide the role of the user. To start, you can refer to the link below, which might give you all the info you want:

Authentication & Authorization in aspnet web-api

Let me know if you get stuck somewhere.

Upvotes: 2
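An added example (not part of the original answer or the linked article) of how the Authorize attribute can be combined with the per-table tokens from the question in ASP.NET Web API 2. The `ITokenStore` interface, the `Bearer` header scheme and the role names are assumptions made for illustration.

```csharp
using System.Net.Http;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http;

// Hypothetical lookup over the per-user-type token tables described in the question.
public interface ITokenStore
{
    // True if the token exists; role is derived from the table it was found in.
    bool TryResolve(string token, out string name, out string role);
}

// Runs before routing to controllers: a valid token becomes a principal carrying one role.
// Register with: config.MessageHandlers.Add(new TokenRoleHandler(store));
public class TokenRoleHandler : DelegatingHandler
{
    private readonly ITokenStore _tokens;
    public TokenRoleHandler(ITokenStore tokens) { _tokens = tokens; }

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        var auth = request.Headers.Authorization;   // assumed: "Authorization: Bearer <token>"
        string name, role;
        if (auth != null && auth.Scheme == "Bearer" &&
            _tokens.TryResolve(auth.Parameter, out name, out role))
        {
            request.GetRequestContext().Principal = new GenericPrincipal(
                new GenericIdentity(name, "Token"), new[] { role });
        }
        // Missing or unknown token: the principal stays anonymous and [Authorize] rejects it.
        return base.SendAsync(request, cancellationToken);
    }
}

// Only principals in the "Doctor" role reach these actions; an insurance company's
// valid token yields a different role and the request is answered with 401.
[Authorize(Roles = "Doctor")]
public class DoctorController : ApiController
{
    [HttpGet]
    public IHttpActionResult GetPatients()
    {
        // Scope the query to User.Identity.Name so a doctor sees only their own patients.
        return Ok(new string[0]);
    }
}
```

The role check only decides who may call the controller; limiting the returned rows to the calling doctor still has to happen in the query itself.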
