How to properly deal with unwanted access from asp.net-mvc (mostly id)
Let's say I have this URL:
http://myweb/item/info/1
with reference to
http://myweb/item/edit/1
and I don't want the user to manually change to
http://myweb/item/edit/2
I would like the user to click a link from the info page so they can access the edit page.
How would you manage it?
0
1 answer
Personally, I wouldn't want the user to do this; it's not terribly intuitive for a URL to work in one context and not another.
Instead, I would make sure the user has edit permission on the element in question as part of the controller method for the "edit" action, and redirect to the error page if they don't.
+5
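A sketch of the per-item check described in the answer above, added here as an example and not code from the original post. It checks on both the GET and the POST action, since the POST can be sent with a changed id just as easily as the URL can be edited. The `Item` model, `IItemRepository`, the owner-only rule in `CanEdit`, and the `Error`/`AccessDenied` route are assumptions for illustration.

```csharp
using System;
using System.Web.Mvc;

// Hypothetical model and data access; replace with the application's own.
public class Item
{
    public int Id { get; set; }
    public string OwnerName { get; set; }
    public string Name { get; set; }
}

public interface IItemRepository
{
    Item Find(int id);
    void Save(Item item);
}

[Authorize] // anonymous users never reach the actions below
public class ItemController : Controller
{
    private readonly IItemRepository _items; // assumed to be supplied by a DI container

    public ItemController(IItemRepository items) { _items = items; }

    // Assumed rule: only the owner may edit. The decision uses the item
    // loaded on the server, never a value sent by the client.
    private bool CanEdit(Item item) =>
        string.Equals(item.OwnerName, User.Identity.Name, StringComparison.Ordinal);

    // GET /item/edit/2 : a hand-edited id ends up here like any other request.
    public ActionResult Edit(int id)
    {
        var item = _items.Find(id);
        if (item == null) return HttpNotFound();
        if (!CanEdit(item)) return RedirectToAction("AccessDenied", "Error");
        return View(item);
    }

    // POST /item/edit/2 : repeat the check, the form post can be forged directly.
    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Edit(int id, string name)
    {
        var item = _items.Find(id);
        if (item == null) return HttpNotFound();
        if (!CanEdit(item)) return RedirectToAction("AccessDenied", "Error");
        item.Name = name; // update only the fields the form is allowed to change
        _items.Save(item);
        return RedirectToAction("Info", new { id });
    }
}
```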