I have an endpoint in my API like: api/users/{:userId}/...
I only want the user with userId to have access to his own endpoint and not to the endpoints of any other user.
I implemented a JWT Bearer token, which is used for authorization. I get the id from it and check if it matches the route the user wants to access:
    [HttpGet("{userId:int}"), Authorize]
    public async Task<ActionResult> GetUserById([FromRoute] int userId)
    {
        // The JwtBearer middleware has already validated the token's signature,
        // so the claims on User come from a token our server issued.
        var idClaim = User.FindFirstValue(ClaimTypes.NameIdentifier);
        if (!int.TryParse(idClaim, out var id))
        {
            // Token carries no usable id claim: treat as unauthenticated
            // instead of letting int.Parse throw and return a 500.
            return Unauthorized();
        }

        // Only allow the caller to read the resource that belongs to them.
        if (id != userId)
        {
            return BadRequest("Access denied.");
        }

        var user = await unitOfWork.UserRepository.GetUserByIdAsync(userId);
        if (user == null)
            return NotFound("User not found");

        return Ok(user);
    }
Now, I don't think this is the correct approach. The token can easily be tampered with and the id changed. How else could I do this?
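To make the server-side check concrete, here is an added example (not code from the question) that reproduces in Python what the JwtBearer middleware does before the controller runs: it verifies the HS256 signature over header and payload and only then compares the id claim against the route. The key, the use of `sub` as the id claim and the status strings are assumptions of this demo; the point is that a payload edited without the signing key no longer verifies, so the comparison never sees the altered id.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key; in ASP.NET Core this is the signing key configured for JwtBearer.
SECRET = b"demo-signing-key-not-for-production"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(user_id: int, key: bytes = SECRET) -> str:
    """Mint an HS256 JWT whose 'sub' claim is the authenticated user's id."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps({"sub": str(user_id)}).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_token(token: str, key: bytes = SECRET) -> Optional[dict]:
    """Return the claims only if the signature is valid and alg is HS256; None otherwise."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        return json.loads(_b64url_decode(payload))
    except ValueError:  # malformed base64, JSON or segment count
        return None


def authorize_route(token: str, route_user_id: int) -> str:
    """Mirror the controller: reject unverifiable tokens, then compare claim id to route id."""
    claims = verify_token(token)
    if claims is None:
        return "401 Unauthorized"
    if int(claims["sub"]) != route_user_id:
        return "403 Forbidden"
    return "200 OK"


def edit_sub_without_key(token: str, new_user_id: int) -> str:
    """Rewrite the 'sub' claim but keep the old signature, to show that verification fails."""
    header, payload, sig = token.split(".")
    claims = json.loads(_b64url_decode(payload))
    claims["sub"] = str(new_user_id)
    return f"{header}.{_b64url_encode(json.dumps(claims).encode())}.{sig}"
```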