We want to prevent other users from editing other users’ profiles, while still allowing a superUser to manage all profiles. I don’t know the best way of doing this. I am sure I can accomplish it; I am mainly looking for the best way or best approach.
I thought about putting an IF before the line below that will show that line in that condition, but I don’t think that is the best way, since other users might guess the edit URL, like domain.com/user/edit/5 for example.
<%=Html.ActionLink("Edit", "Edit", new { id=Model.UserID }) %>
We are using: ASP.NET MVC, SQL Database, and ADO.NET for database. Also: OpenID subscription.
You’ll need to write some code in the controller action. Basically something like:
In your case for OpenID, it will work pretty much the same. Assume this is pseudocode:
where
GetLoggedInUser gets the user object for the current user, and IsAdmin figures out if a user object is an admin.
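An added sketch of the controller-side check described above; it is not code from the original question or answer. It assumes ASP.NET MVC 3 or later (for HttpStatusCodeResult and HttpNotFound), a hypothetical UserProfile model and IUserStore interface, and that User.Identity.Name carries the identifier stored at OpenID sign-in. GetLoggedInUser and IsAdmin are given illustrative bodies.

```csharp
using System.Web.Mvc;
// Hypothetical model and store; the page does not show its own data layer.
public class UserProfile
{
    public int UserID { get; set; }
    public string DisplayName { get; set; }
    public bool IsSuperUser { get; set; }
}
public interface IUserStore
{
    UserProfile FindById(int id);
    UserProfile FindByLogin(string identityName);
    void Save(UserProfile profile);
}
[Authorize] // anonymous requests never reach these actions
public class UserController : Controller
{
    private readonly IUserStore _users; // assumed to be supplied by the app's controller factory
    public UserController(IUserStore users) { _users = users; }
    // Resolve the caller from the authenticated identity, never from request data.
    private UserProfile GetLoggedInUser() { return _users.FindByLogin(User.Identity.Name); }
    private static bool IsAdmin(UserProfile u) { return u.IsSuperUser; }

    // Owner or super user only. Hiding the Edit link does not replace this check.
    private bool CanEdit(int targetId)
    {
        UserProfile current = GetLoggedInUser();
        return current != null && (current.UserID == targetId || IsAdmin(current));
    }

    public ActionResult Edit(int id) // GET /user/edit/5
    {
        if (!CanEdit(id)) return new HttpStatusCodeResult(403);
        UserProfile target = _users.FindById(id);
        if (target == null) return HttpNotFound();
        return View(target);
    }

    [HttpPost] // the POST repeats the check; a hand-built form must not bypass it
    public ActionResult Edit(int id, string displayName)
    {
        if (!CanEdit(id)) return new HttpStatusCodeResult(403);
        UserProfile target = _users.FindById(id);
        if (target == null) return HttpNotFound();
        target.DisplayName = displayName; // copy only editable fields, never IsSuperUser
        _users.Save(target);
        return RedirectToAction("Edit", new { id = id });
    }
}
```

The view can still hide the Edit link for users who fail the same check, but only as a convenience; the controller check is what stops a guessed URL.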