You're working on an enterprise application where specific endpoints should be accessible only to users from the "HR" and "Admin" departments. How would you enforce this using the [Authorize] attribute?
- Define an authorization policy that checks the user's department and apply it using the [Authorize] attribute.
- Create a custom attribute for HR and Admin access and use it on the controller actions.
- Use role-based authorization and assign roles to users based on their department.
- Use URL-based access control by including department information in the route.
To restrict access to specific departments, you can define an authorization policy that checks the user's department and apply it using the [Authorize] attribute. This allows you to control access at the action level based on the user's department affiliation.
Loading...
Related Quiz
- In which directory of an ASP.NET Core MVC application would you find the Razor view files?
- You've heard about "middleware" in ASP.NET Core and learned that there's one for serving static content. What does this middleware help your web application do?
- In what scenario might you use the _ViewImports.cshtml file in conjunction with Razor Layout Views?
- In ASP.NET Core Identity, how can you enforce that passwords must contain a special character during user registration?
- In an e-commerce application, you have a controller that manages orders, and it is protected using the [Authorize] attribute. However, you wish to allow a public tracking feature where users can see the status of their order without logging in. How would you implement this?