Authorization inside a controller action_ASP.NET Web API Security Essentials-QQ阅读男频历史网

书名：ASP.NET Web API Security Essentials
作者名：Rajesh Gunasundaram
本章字数：88字
更新时间：2025-02-26 10:41:22

Authorization inside a controller action

Sometimes, it may be required to change the behavior after processing the request based on the principal. In such scenarios, we can implement authorization in a controller action. For example, if you would like to manipulate the response based on the user's role, we can verify the logged-in user role from the ApiController.User property in the action method itself:

public HttpResponseMessage Get()
{
    if (!User.IsInRole("Admin"))
    {
        // manipulate the response to eliminate information that shouldn't be shared with non admin users
    }
}