Security Attributes

3

A friend asked me a way to give more security in your application, to avoid a type of "url injection", ie someone manually type a "hooked" url and circumvent the system. Of course, there are several types of encryption that could help, but the injection could circumvent.

Once I saw an example and I think it was here in SOpt (not sure), someone talking to create a security attribute that always validates the class that it has the need to not allow the "intruder". I searched for "Attribute" and "Create Attribute" or "Attribute Creation" and could not find anything, what I was looking for and nothing of the sort.

So I ask, how do I create an attribute that always validates the user and password, without always asking the user for it, that is, as the user enters certain files, the attribute already validates that user invisibly and if he had no right of access, then do we deal here?

But how to create the attribute itself, I do not see problems, the question is to create an attribute that validates the user, this I can not do.

    
asked by anonymous 21.10.2015 / 20:04

1 answer

4

For both ASP.NET MVC and Web API, we're talking about AuthorizeAttribute ".

The questions I've answered about are here .

Basically this is what it does: when entering an Controller or Action that has this attribute checked, the system performs a user validation by redirecting to a Login screen if this is necessary.

    
21.10.2015 / 20:14