How to secure authorization of methods

Posted by Kurresmack on Stack Overflow See other posts from Stack Overflow or by Kurresmack
Published on 2010-03-20T11:25:24Z Indexed on 2010/03/20 16:41 UTC
Read the original article Hit count: 339

Filed under:
|
|
|

I am building a web site in C# using MVC.Net

How can I secure that no unauthorized persons can access my methods?

What I mean is that I want to make sure that only admins can create articles on my page. If I put this logic in the method actually adding this to the database, wouldn't I have business logic in my data layer?

Is it a good practise to have a seperate security layer that is always in between of the data layer and the business layer to make?

The problem is that if I protect at a higher level I will have to have checks on many places and it is more likely that I miss one place and users can bypass security.

Thanks!

© Stack Overflow or respective owner

Related posts about c#

Related posts about security