how else protecting against vulnerability? in mvc application separated in multiple logical layers i.e. presentation layer (mvc) > service layer > business layer > repository layer. matter of performing check @ controller level e.g.
[authorize] public class accountscontroller : controller { [httpget] public actionresult details(long accountnumber) { var account; //account = call service layer account. if (account.userid != user.identity.getuserid()) { return new httpunauthorizedresult("user not authorized."); } } } is there particular design pattern can use improve design? furthermore wouldn't better perform check in service layer?
Comments
Post a Comment