Security Attributes

Asked

Viewed 83 times

3

A friend asked me how to give more security in your application, to avoid a kind of "url injection", IE, someone manually type an "addicted" url and bypass the system. Of course, there are several types of encryption that could help, but the injection could bypass.

I once saw an example and I think it was here in Sopt (I’m not sure), someone talking to create a security attribute that would always validate the class he has the need not to allow the "intruder". I searched for "Attribute" and "Create attribute" or "Attribute Creation" and I couldn’t find anything, not what I was looking for and nothing like that.

So I ask, how do I create an attribute that always validates the user and password, without always asking that of the user, that is, as the user enters certain files, the attribute already validates this user invisibly and if you had no right of access, then we treat here?

But how to create the attribute itself, I see no problems, the question is to create an attribute that validates the user, I am not able to do.

  • We’re talking about ASP.NET MVC?

  • He(my colleague) is using webapi

  • The intention that I told him, is to create an attribute and put on top of each class that there is a need for user validation. When instantiating the class, the object already validates the user.

1 answer

4


  • What I saw was a custom attribute, I found it very interesting, but I’ll take a look at your link and see if that’s what we’re looking for. So, the example that the guy did didn’t redirect the login screen, it just validated the user already logged in and if it wasn’t authorized, he would give a message to the user, but this we customized here according to the rule, but what we don’t want is the redirect to the login screen, and I don’t know why of this, it’s just the rule for this task.

  • In the links I teach how to customize the authorization attribute.

  • I’m reading and trying to help the guy, using the attribute on a webservice, is the same thing? For both asmx and Rest or has big difference?

  • No. To Webservice you better ask a more specific question.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.