I have a problem finding the best way to isolate users' data stored in the db.
Now if I log in and access my profile I can see data loaded from the db.
Example: .../myprofile/PeterM
But if I manually change the address to .../myprofile/MartaM I see the data stored in the db for user Marta.
How can I isolate members' data?
Thanks for my maybe stupid question.
You should always check that the user who is accessing the data is allowed to do so. Don’t rely on just the querystring.
So for instance, instead of performing your database lookup based on the username in the querystring, get the information based off the currently authenticated user.
If I’m logged in as Brandon, then

    GetUser(HttpContext.Current.User.Identity.Name);

should always return my information, regardless of whose name is passed in to the controller action. Or just check that the username you’re retrieving is the same as

    HttpContext.Current.User.Identity.Name
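Both options from the answer, shown side by side with the vulnerable action from the question, as an added ASP.NET MVC example (not code from the original post). The `Profile` class, the `IUserRepository` interface with `GetUser`/`Save`, and the `MyProfileController` name are assumptions made for illustration; a DI container supplying `IUserRepository` and the default `{controller}/{action}/{id}` route are assumed as well.

```csharp
using System;
using System.Web.Mvc;

// Hypothetical data-access types; not from the original post.
public class Profile
{
    public string Username { get; set; }
    public string Email { get; set; }
    public string DisplayName { get; set; }
}

public interface IUserRepository
{
    Profile GetUser(string username);   // returns null when no such user exists
    void Save(Profile profile);
}

[Authorize] // an anonymous caller never reaches these actions at all
public class MyProfileController : Controller
{
    private readonly IUserRepository _users;

    public MyProfileController(IUserRepository users)
    {
        _users = users;
    }

    // VULNERABLE (the behaviour in the question): the lookup key comes from
    // the URL, so GET /myprofile/Unsafe/MartaM hands Marta's row to any
    // logged-in user who edits the address bar.
    public ActionResult Unsafe(string username)
    {
        Profile profile = _users.GetUser(username);
        if (profile == null) return HttpNotFound();
        return View("Index", profile);
    }

    // FIX 1: ignore anything in the request and key the query on the
    // authenticated principal. Inside an MVC action, Controller.User is the
    // same object as HttpContext.Current.User.
    public ActionResult Index()
    {
        Profile profile = _users.GetUser(User.Identity.Name);
        if (profile == null) return HttpNotFound();
        return View(profile);
    }

    // FIX 2: keep a /myprofile/Show/{username} URL but refuse a mismatch,
    // and still run the query on the identity rather than the route value.
    public ActionResult Show(string username)
    {
        if (!string.Equals(username, User.Identity.Name, StringComparison.Ordinal))
        {
            // 404 rather than 403 so the response does not confirm that the
            // other username exists.
            return HttpNotFound();
        }
        Profile profile = _users.GetUser(User.Identity.Name);
        if (profile == null) return HttpNotFound();
        return View("Index", profile);
    }

    // The same rule applies to writes: a posted form can carry any Username
    // value, so load the caller's own row and copy only the editable fields.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Update(Profile posted)
    {
        Profile current = _users.GetUser(User.Identity.Name);
        if (current == null) return HttpNotFound();

        current.Email = posted.Email;
        current.DisplayName = posted.DisplayName;
        _users.Save(current);   // the key never comes from the client
        return RedirectToAction("Index");
    }
}
```

The `Update` action matters as much as the reads: fixing the GET while leaving a POST that trusts `posted.Username` just moves the problem from viewing someone else's data to overwriting it. If your user store compares names case-insensitively, `Show` will reject `peterm` for `PeterM`; that is a usability issue, not a security one, because the query itself is still keyed on the authenticated name.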