How to secure authiorization of methods
Posted
by Kurresmack
on Stack Overflow
See other posts from Stack Overflow
or by Kurresmack
Published on 2010-03-20T11:25:24Z
Indexed on
2010/03/20
11:31 UTC
Read the original article
Hit count: 282
I am building a web site in C# using MVC.Net
How can I secure that no unauthorized persons can access my methods?
What I mean is that I want to make sure that only admins can create articles on my page. If I put this logic in the method actually adding this to the database, wouldn't I have business logic in my data layer?
Is it a good practise to have a seperate security layer that is always in between of the data layer and the business layer to make?
The problem is that if I protect at a higher level I will have to have checks on many places and it is more likely that I miss one place and users can bypass security.
Thanks!
© Stack Overflow or respective owner