0

I have coded a C# MVC 5 Internet application and have a question about the authorize attribute.

Is there better security for this attribute in a controller?

Here is the situation that I have... if a user registers a username and a password, and then logs in with this username and password, the user can then access a controller with the authorize attribute.

If I change the database name, such that a new database is created, then load the Index view, the view still thinks that the user is logged in, and can access the controller with the authorize attribute.

Is there some way to prevent this? Should I just do a quick check to see if the username and password are correct for the current database, or is there an easier/better way?

Christoph Fink
  • 22,727
  • 9
  • 68
  • 113
Simon
  • 7,991
  • 21
  • 83
  • 163

1 Answers1

1

The question is, do you really have this problem? If you rename your database name then you should restart your mvc application or the complete webserver.

Another way is to log out all users described in How can I force a log out of all users for a website?

Community
  • 1
  • 1
dknaack
  • 60,192
  • 27
  • 155
  • 202
  • 1
    I definitely agree: New DB -> restart app! If you are using `ASP.NET Identity 2` you can also use the "log-out everywhere feature"... – Christoph Fink Jul 25 '14 at 09:00