You're working on an enterprise application where specific endpoints should be accessible only to users from the "HR" and "Admin" departments. How would you enforce this using the [Authorize] attribute?

  • Define an authorization policy that checks the user's department and apply it using the [Authorize] attribute.
  • Create a custom attribute for HR and Admin access and use it on the controller actions.
  • Use role-based authorization and assign roles to users based on their department.
  • Use URL-based access control by including department information in the route.

To restrict access to specific departments, you can define an authorization policy that checks the user's department and apply it using the [Authorize] attribute. This allows you to control access at the action level based on the user's department affiliation.