I need an authorization attribute to ensure that an authenticated user can access a secure area to manage his, and only his, data.
I was thinking of retrieving httpContext.User.Identity.Name and matching it against the username retrieved from the database.
Is this basically a good (secure) approach, or can it be done in a more secure way?
So, my controller is decorated with a custom attribute

    [UserAccountAuthorizeAttribute]
    public ActionResult Edit(string username)
    {
        return View();
    }

and I’m overriding AuthorizeAttribute, but in debug mode I get a null value on the following line

    var rd = httpContext.Request.RequestContext.RouteData;
    var username = rd.Values["username"]; // null

What can be the problem?
You shouldn’t be putting the username in the query string.
If you’re using the built-in ASP.NET Membership provider, your action would look something like this.
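
An added example, not code from the question or from the answer above: one way to write the ownership check the question describes, which also shows why `RouteData.Values["username"]` is null when the value arrives in the query string. The class name `OwnAccountOnlyAttribute`, the 403 response and the case-insensitive comparison are assumptions made for this sketch.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Hypothetical attribute: lets a request through only when the username it
// asks for is the authenticated user's own name.
public class OwnAccountOnlyAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Run the base check first so anonymous requests are rejected.
        if (!base.AuthorizeCore(httpContext))
            return false;

        // RouteData only holds values for segments declared in the route
        // template (or its defaults). A request such as
        // /Account/Edit?username=bob still binds Edit(string username),
        // but the value lives in the query string, so RouteData gives null.
        var routeValues = httpContext.Request.RequestContext.RouteData.Values;
        var requested = routeValues["username"] as string
                        ?? httpContext.Request.QueryString["username"];

        // Fail closed when no username was supplied in either place.
        // (POSTed form fields are not inspected in this sketch.)
        if (string.IsNullOrEmpty(requested))
            return false;

        // Identity.Name comes from the authentication ticket, not from
        // request parameters. Case-insensitive matching is an assumption
        // about how the user store treats names.
        return string.Equals(requested, httpContext.User.Identity.Name,
                             StringComparison.OrdinalIgnoreCase);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // A signed-in user asking for someone else's account gets 403
        // instead of a redirect back to the login page.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}
```

Because the only value this check accepts is the caller's own name, the action can drop the `username` parameter entirely and load the record by `User.Identity.Name`, which removes the client-supplied identifier from the request.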