Security approach in web application

Posted by meep on Stack Overflow
Published on 2010-05-18T09:48:15Z Indexed on 2010/05/18 10:10 UTC

Hello everyone.

I am designing a web application in ASP.NET / C# where each registered user has the ability to add/modify/delete rows based on their user-id.

Take this example:

I am going to edit my route on the page /route.aspx?routeid=854 which belongs to me (user-id: 1).

But because I am a curious guy I try to access /route.aspx?routeid=855 which belongs to another user (user-id: 2).

How can I best prevent people from accessing other people's data? Should I send each user id (from session) with each database call, should I validate user/password on every page load, or what is the best and most secure approach?

I hope I made this clear enough.

© Stack Overflow or respective owner
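
The first option the question raises, passing the session's user id into every database call, shown as an added example that is not part of the original post. The names `Route`, `OwnerId`, `RouteStore` and `Handle` and the sample rows are assumptions, and an in-memory list stands in for the database table so the sketch runs as a console program.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed sample model; Route, OwnerId and RouteStore are assumed names.
public record Route(int RouteId, int OwnerId, string Name);

public class RouteStore
{
    // Constructed sample rows standing in for the routes table.
    private readonly List<Route> _rows = new()
    {
        new Route(854, 1, "Morning commute"),
        new Route(855, 2, "Harbour loop"),
    };

    // Every read is scoped to the owner. SQL equivalent:
    //   SELECT ... FROM Routes WHERE RouteId = @routeId AND OwnerId = @userId
    public Route? Get(int routeId, int userId) =>
        _rows.FirstOrDefault(r => r.RouteId == routeId && r.OwnerId == userId);

    // Writes carry the same predicate, so a foreign id removes zero rows.
    public bool Delete(int routeId, int userId) =>
        _rows.RemoveAll(r => r.RouteId == routeId && r.OwnerId == userId) > 0;
}

public static class Program
{
    // sessionUserId stands for the id stored server-side at login
    // (for example in Session), never a value read from the query string.
    static string Handle(RouteStore store, int sessionUserId, string routeIdParam)
    {
        if (!int.TryParse(routeIdParam, out int routeId)) return "400 Bad Request";
        Route? route = store.Get(routeId, sessionUserId);
        // Same response for "does not exist" and "belongs to someone else",
        // so the reply does not reveal which route ids are in use.
        return route is null ? "404 Not Found" : $"200 OK: {route.Name}";
    }

    public static void Main()
    {
        var store = new RouteStore();
        Console.WriteLine(Handle(store, 1, "854")); // user 1, own route
        Console.WriteLine(Handle(store, 1, "855")); // user 1, user 2's route
        Console.WriteLine(store.Delete(855, 1));    // foreign delete attempt
    }
}
```

Because the owner check lives in the data-access method itself, a page that forgets to check ownership still cannot read or change another user's row.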
