I have a route set up for this:

// Program.cs
// https://www.example.com/{clientID}/dashboard/index?id=

app.MapControllerRoute(
    name: "Portal",
    pattern: "{clientID}/{controller=Dashboard}/{action=Index}/{id?}");

I will always pull data based on the logged-in user, not the URL. I want to prevent someone from logging in as client1 and changing the URL to client2 without an unauthorized message.

Or better yet, prevent client1 from logging in from client2's portal. Currently, the URL is cosmetic only.

Even a way to change the URL back to the logged-in client after each action would be sufficient. I'm looking for a way to do that globally instead of adding code after every action.

Is that possible? Thanks!

flashsplat
  • How is your authentication done? This information needs to be either stored using it or fetched at runtime using a user ID from authentication. – juunas Aug 08 '22 at 02:51
  • You can inherit Authorize Attribute and write your custom logic to validate the request before it reaches the controller action. – Chetan Aug 08 '22 at 03:09
  • @juunas I am using Microsoft Identity for authentication. – flashsplat Aug 08 '22 at 03:19
  • @Chetan Where/how would I validate before it reaches the controller? That's the piece I'm looking for. I don't even know what to Google :(. Thanks! – flashsplat Aug 08 '22 at 03:20
  • https://stackoverflow.com/questions/10327342/mvc-custom-authorize-attribute-to-validate-the-request – Chetan Aug 08 '22 at 03:23
  • https://www.c-sharpcorner.com/article/validating-https-request-url-using-authorizationfilter/ – Chetan Aug 08 '22 at 03:23

0 Answers
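One way to do the global check the comments point toward, as an added example that is not part of the original thread: an MVC authorization filter that compares the `{clientID}` route value with a claim on the signed-in user and fails closed on a mismatch. The filter name `ClientRouteGuardFilter` and the `client_id` claim type are assumptions; the claim would have to be issued at sign-in.

```csharp
// Added example; ClientRouteGuardFilter and the "client_id" claim are hypothetical.
using System;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

public sealed class ClientRouteGuardFilter : IAuthorizationFilter
{
    private const string RouteKey = "clientID";   // route parameter from the "Portal" pattern
    private const string ClaimType = "client_id"; // assumed claim added when the user signs in

    public void OnAuthorization(AuthorizationFilterContext context)
    {
        var user = context.HttpContext.User;

        // Anonymous requests are left to [Authorize] and the login flow.
        if (user.Identity?.IsAuthenticated != true)
            return;

        // Routes without a {clientID} segment are not client-scoped.
        if (!context.RouteData.Values.TryGetValue(RouteKey, out var raw) ||
            raw is not string routeClient || routeClient.Length == 0)
            return;

        var userClient = user.FindFirst(ClaimType)?.Value;

        // Fail closed: a missing claim is treated the same as a mismatch.
        // Case-insensitive comparison assumes client IDs are not case-sensitive.
        if (userClient is null ||
            !string.Equals(routeClient, userClient, StringComparison.OrdinalIgnoreCase))
        {
            // 403 through the configured authentication scheme. To send the user
            // back to their own portal instead, set a RedirectToRouteResult here
            // with clientID = userClient.
            context.Result = new ForbidResult();
        }
    }
}

// Program.cs: register once so the check runs before every controller action.
// builder.Services.AddControllersWithViews(options =>
//     options.Filters.Add<ClientRouteGuardFilter>());
```

The filter only guards the URL segment; data access still has to key off the authenticated user, as the question already does.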