Security Attributes

Question

Security Attributes

Asked 9 years, 1 month ago

Viewed 83 times

3

A friend asked me how to give more security in your application, to avoid a kind of "url injection", IE, someone manually type an "addicted" url and bypass the system. Of course, there are several types of encryption that could help, but the injection could bypass.

I once saw an example and I think it was here in Sopt (I’m not sure), someone talking to create a security attribute that would always validate the class he has the need not to allow the "intruder". I searched for "Attribute" and "Create attribute" or "Attribute Creation" and I couldn’t find anything, not what I was looking for and nothing like that.

So I ask, how do I create an attribute that always validates the user and password, without always asking that of the user, that is, as the user enters certain files, the attribute already validates this user invisibly and if you had no right of access, then we treat here?

But how to create the attribute itself, I see no problems, the question is to create an attribute that validates the user, I am not able to do.

We’re talking about ASP.NET MVC?

– Leonel Sanches da Silva

2015/10/21 at 18:08
He(my colleague) is using webapi

– pnet

2015/10/21 at 18:08
The intention that I told him, is to create an attribute and put on top of each class that there is a need for user validation. When instantiating the class, the object already validates the user.

– pnet

2015/10/21 at 18:10

1 answer

Browser other questions tagged c# asp.net-mvc asp.net-web-api

You are not signed in. Login or sign up in order to post.

by Leonel Sanches da Silva • **88,623** points · Answer 1 · 2015-10-21T18:14:49+00:00

4

For both ASP.NET MVC and Web API, we are talking about AuthorizeAttribute.

The questions I’ve already answered are here.

Basically this is what he does: by entering a Controller or Action that has this attribute marked, the system does a user validation, redirecting to a login screen if this is necessary.

What I saw was a custom attribute, I found it very interesting, but I’ll take a look at your link and see if that’s what we’re looking for. So, the example that the guy did didn’t redirect the login screen, it just validated the user already logged in and if it wasn’t authorized, he would give a message to the user, but this we customized here according to the rule, but what we don’t want is the redirect to the login screen, and I don’t know why of this, it’s just the rule for this task.

– pnet

2015/10/21 at 18:18
In the links I teach how to customize the authorization attribute.

– Leonel Sanches da Silva

2015/10/21 at 18:22
I’m reading and trying to help the guy, using the attribute on a webservice, is the same thing? For both asmx and Rest or has big difference?

– pnet

2015/10/21 at 18:38
No. To Webservice you better ask a more specific question.

– Leonel Sanches da Silva

2015/10/21 at 18:41