I’m new to Forms Authentication and am having difficulty with this problem:
I have a route set up like so:
routes.MapRoute(
    "Account",  // Route name
    "Account",  // URL pattern: no {username} segment, so username can only arrive via the query string
    new { controller = "Account", action = "MyAccount", username = UrlParameter.Optional }  // Parameter defaults
);
MyAccount action:
[Authorize]  // only checks that the caller is authenticated, not which account they may view
public ActionResult MyAccount(MyAccountModel model, string username)
{
    // Do stuff with username and model
    return View(model);
}
I noticed a security flaw in that the user could go:
../Account/MyAccount?username=test
And specify any username to receive info on that user. Is there any way I can make this secure? I need to pass that username to this method to get stuff from my custom membership provider.
It sounds like what you want to do is test whether the username is equal to that of the currently authenticated user. Something like this:
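One way to implement that check, as an added example rather than the answerer's own code (which does not appear on this page). It assumes ASP.NET MVC 3 or later (for HttpStatusCodeResult and HttpNotFound), Forms Authentication populating User.Identity.Name, and a hypothetical shape for the question's MyAccountModel; the controller and action names are the question's.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Assumed shape of the question's view model (hypothetical fields).
public class MyAccountModel
{
    public string UserName { get; set; }
    public string Email { get; set; }
}

public class AccountController : Controller
{
    // Served at /Account by the route in the question. [Authorize] only proves
    // the caller is logged in; it says nothing about WHICH account they may see,
    // so the username the client sends must be checked against the identity
    // that Forms Authentication read from the ticket.
    [Authorize]
    public ActionResult MyAccount(MyAccountModel model, string username)
    {
        // Set by Forms Authentication from the auth cookie; the client cannot
        // choose this value, unlike the "username" query-string parameter.
        string currentUser = User.Identity.Name;

        // Reject any request that names an account other than the caller's own.
        // Case-insensitive comparison is an assumption; match whatever your
        // membership provider treats as the same username.
        if (!string.IsNullOrEmpty(username) &&
            !string.Equals(username, currentUser, StringComparison.OrdinalIgnoreCase))
        {
            // 403, not HttpUnauthorizedResult: a 401 under Forms Authentication
            // redirects an already-authenticated user to the login page.
            return new HttpStatusCodeResult(403);
        }

        // Safer still: ignore the parameter entirely and look up the
        // authenticated user, so there is nothing for the client to tamper with.
        MembershipUser account = Membership.GetUser(currentUser);
        if (account == null)
        {
            return HttpNotFound();
        }

        model = model ?? new MyAccountModel();
        model.UserName = account.UserName;
        model.Email = account.Email;
        return View(model);
    }
}
```

If other users' accounts never need to be reachable through this action, drop the username parameter altogether and derive everything from User.Identity.Name; the comparison then becomes unnecessary because no client-controlled identifier is used for the lookup.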