You cannot block the URL. In this case, you have to do the check inside your Action. If the logged-in user is 1 (per session, cookie or any form of control you have) and tries to access user 2, you check whether the logged-in user is the same one whose information is being fetched, and otherwise redirect to another Action. Example below:
```csharp
[Authorize]
public ActionResult Usuario(int id)
{
    var usuarioLogado = UsuarioServico.SessaoUsuarioLogado();

    // Your validation logic; I use session.
    // The session entry can be missing (for example after it expires), so treat null as no access.
    if (usuarioLogado == null || id != usuarioLogado.UsuarioID)
    {
        return RedirectToAction("Sem Acesso", "Usuario");
    }

    using (var db = new Conexao())
    {
        var usuario = db.Usuario.Find(id);
        return View(usuario);
    }
}
```

Function that returns the logged-in user from the session:

```csharp
public static UsuarioLogadoDTO SessaoUsuarioLogado()
{
    // "as" returns null when the session entry is absent or of another type
    return HttpContext.Current.Session[Constante.sessaoUsuarioLogado] as UsuarioLogadoDTO;
}
```
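
The same ownership check can be written once as an action filter instead of being repeated in every action. This is an added example, not part of the original answer: `OwnRecordOnlyAttribute` is a hypothetical name, it assumes ASP.NET MVC 5 (`System.Web.Mvc`), and it relies on the answer's `UsuarioLogadoDTO` and `Constante.sessaoUsuarioLogado` being in scope.

```csharp
using System;
using System.Net;
using System.Web.Mvc;

// Hypothetical filter (not from the answer). UsuarioLogadoDTO and
// Constante.sessaoUsuarioLogado are the types used in the answer above.
[AttributeUsage(AttributeTargets.Method, AllowMultiple = false)]
public sealed class OwnRecordOnlyAttribute : ActionFilterAttribute
{
    private readonly string _parameterName;

    // parameterName: the action parameter that carries the requested user id.
    public OwnRecordOnlyAttribute(string parameterName = "id")
    {
        _parameterName = parameterName;
    }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var session = filterContext.HttpContext.Session;
        var logged = session == null
            ? null
            : session[Constante.sessaoUsuarioLogado] as UsuarioLogadoDTO;

        // ActionParameters holds the value after model binding, so the check
        // sees the same id the action will use, whether it arrived in the
        // route, the query string or the form body.
        object raw;
        bool hasId = filterContext.ActionParameters.TryGetValue(_parameterName, out raw);

        // Fail closed: no session, no bound id, or an id that is not the caller's own.
        if (logged == null || !hasId || !(raw is int) || (int)raw != logged.UsuarioID)
        {
            // Setting Result short-circuits the pipeline; the action never runs.
            filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
        }
    }
}

// Usage on the action from the answer:
//
// [Authorize]
// [OwnRecordOnly]   // checks the "id" parameter
// public ActionResult Usuario(int id) { ... }
```

Reading the id from `ActionParameters` rather than from the route data avoids a mismatch between the value that is checked and the value the action actually receives.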