asp.net - .NET Mvc and Web Api Filter Authorization, How and Where? -


i have been reading , searching best practice doing this.

i "learning" web asp .net mvc , web api 2.2.

i in point of authentication , authorization, understand meanning , difference in 1 , another. problem come authorization, know allow/deny access using filter , use roles.

but beside dont know implement logic authorize user action, or see data, example:

a user authenticated , have role pilot

this user enter controller/action example flight/getpassengers/1

where getpassengers action retreive passengers flight #1

let's imagine current logged user on role pilot wants view list of flight because allowed to, can't see passengers of flights, example flight/passengers/3 flight #3 user pilot.

where best place put validation logic?

inside action: getpassengers? don't think so, because if later in controller (flight) need validate if same info belongs current user (pilot) have repeat piece of code (dry)

so, maybe custom filter?

i find article (here) not sure if in there , how gets implementated. have implementation, this:

public class customfilter inherits actionfilterattribute implements iactionfilter  public overrides sub onactionexecuting(filtercontext actionexecutingcontext)     mybase.onactionexecuting(filtercontext) end sub  public overrides sub onactionexecuted(filtercontext actionexecutedcontext)     mybase.onactionexecuted(filtercontext) end sub  end class

is creating type of filters , after using on controllers/actions correct way achieve this?

or how type of logic handled?

thanks suggestions

you should implement custom authorizeattribute can encapsulate logic. careful in way implement them, try not have several authorize filters. impact perfomance of application. design 1 can used widely.


-

Comments

Post a Comment

Popular posts from this blog

OpenCV OpenCL: Convert Mat to Bitmap in JNI Layer for Android -

there several posts converting mat bitmap using utils.mattobitmap() function. i'm assuming function can called in java layer after importing utils class. i want transfer data memory address pointed uint32_t* bmpcontent; in code below. jniexport void jnicall java_com_nod_nodcv_nodcvactivity_runfilter( jnienv *env, jclass clazz, jobject outbmp, jbytearray indata, jint width, jint height, jint choice, jint filter) { int outsz = width*height; int insz = outsz + outsz/2; androidbitmapinfo bmpinfo; if (androidbitmap_getinfo(env, outbmp, &bmpinfo) < 0) { throwjavaexception(env,"gaussianblur","error retrieving bitmap meta data"); return; } if (bmpinfo.format != android_bitmap_format_rgba_8888) { throwjavaexception(env,"gaussianblur","expecting rgba_8888 format"); return; } uint32_t* bmpcontent; if (androidbitmap_lockpixels(env, outbmp,(void**)&bmpcontent)...
Read more

android - org.xmlpull.v1.XmlPullParserException: expected: START_TAG {http://schemas.xmlsoap.org/soap/envelope/}Envelope -

i trying hit soap api in application login purpose , getting above mentioned error , can 1 tell me going wrong , first time soap apis. here code hit soap :- vector<object> args = new vector<object>(); hashtable<string, object> hashtable = new hashtable<string, object>(); hashtable.put("email", "mss.siddhart28@gmail.com"); hashtable.put("password", "siddharth"); args.add(hashtable); soapserializationenvelope envelope = new soapserializationenvelope( soapenvelope.ver11); envelope.dotnet = true; envelope.xsd = soapserializationenvelope.xsd; envelope.enc = soapserializationenvelope.enc; (new marshalhashtable()).register(envelope); httptransportse androidhttptransport = new httptransportse( "http://tempuri.org/", 15000); androidhttptransport.debug = true; string result = ""; try { soapobject request = new soapobject("http:...
Read more

python - How to remove the Xframe Options header in django? -

i have made page has iframe . inside iframe want show multiple different links article facebook, or news, or youtube video or other possible url. but, due xframe header, unable so. referred following link: https://docs.djangoproject.com/en/1.8/ref/clickjacking/ , django xframeoptionsmiddleware (x-frame-options) - allow iframe client ip but didn't help. my settings.py file's middleware_classes is: middleware_classes = ( 'django.contrib.sessions.middleware.sessionmiddleware', 'django.middleware.common.commonmiddleware', 'django.middleware.csrf.csrfviewmiddleware', 'django.contrib.auth.middleware.authenticationmiddleware', 'django.contrib.auth.middleware.sessionauthenticationmiddleware', 'django.contrib.messages.middleware.messagemiddleware', 'django.middleware.clickjacking.xframeoptionsmiddleware', ) from http://django-secure.readthedocs.org/en/latest/middleware.html , found using ...
Read more