You are building a blog application where only the blog author should be able to edit or delete a post. How would you use the [Authorize] attribute to achieve this behavior?

  • Apply [Authorize] to the Edit and Delete actions
  • Apply [Authorize] to the entire controller
  • Use [Authorize(Roles = "Admin")] for blog authors
  • Use [AllowAnonymous] for blog authors
To ensure that only the blog author can edit or delete a post, apply the [Authorize] attribute to the Edit and Delete actions in the controller. Action-level placement keeps read-only actions such as Index and Details open while requiring an authenticated user for the two mutating actions. Note what [Authorize] does and does not do: on its own it only rejects unauthenticated callers (or, with a policy or role, callers who do not satisfy that policy); it has no knowledge of which post is being requested. The "is this user the author of this post?" decision is resource-based authorization, so it must run inside the action (or in an IAuthorizationHandler invoked via IAuthorizationService) after the post has been loaded, comparing the post's stored author identifier with the signed-in user's identity and returning 403 Forbidden on a mismatch. Applying [Authorize] to the entire controller would restrict access to every action, including public reads, which is not the desired behavior, and it still would not check authorship. [Authorize(Roles = "Admin")] is role-based authorization and does not address this scenario, since ordinary authors are not admins and a role check cannot express ownership of a specific post. [AllowAnonymous] removes authorization entirely, which is the opposite of the desired behavior.
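The following is an added example, not code from the original page, showing the action-level [Authorize] attribute combined with a resource-based ownership check in ASP.NET Core MVC. The BlogPost type, the IPostRepository interface, the PostAuthorHandler class and the PostOperations requirements are assumed names introduced for illustration; the IAuthorizationService and AuthorizationHandler APIs are the framework's own.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Infrastructure;
using Microsoft.AspNetCore.Mvc;

// Hypothetical domain type: the post records who created it.
public class BlogPost
{
    public int Id { get; set; }
    public string AuthorId { get; set; } = "";
    public string Title { get; set; } = "";
    public string Body { get; set; } = "";
}

// Hypothetical persistence interface; any data access layer works here.
public interface IPostRepository
{
    Task<BlogPost?> FindAsync(int id);
    Task UpdateAsync(BlogPost post);
    Task DeleteAsync(int id);
}

// Named operations passed to IAuthorizationService as requirements.
public static class PostOperations
{
    public static readonly OperationAuthorizationRequirement Edit =
        new() { Name = nameof(Edit) };
    public static readonly OperationAuthorizationRequirement Delete =
        new() { Name = nameof(Delete) };
}

// Resource-based handler: succeeds only when the signed-in user's
// NameIdentifier claim equals the AuthorId stored on the post.
// Register once in Program.cs (assumed):
//   builder.Services.AddSingleton<IAuthorizationHandler, PostAuthorHandler>();
public class PostAuthorHandler
    : AuthorizationHandler<OperationAuthorizationRequirement, BlogPost>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context,
        OperationAuthorizationRequirement requirement,
        BlogPost post)
    {
        var userId = context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (userId is not null && userId == post.AuthorId)
        {
            context.Succeed(requirement);
        }
        // Deliberately no context.Fail(): another handler (e.g. a moderator
        // override) may still grant the requirement.
        return Task.CompletedTask;
    }
}

public class PostsController : Controller
{
    private readonly IPostRepository _posts;
    private readonly IAuthorizationService _authz;

    public PostsController(IPostRepository posts, IAuthorizationService authz)
    {
        _posts = posts;
        _authz = authz;
    }

    // Reading a post stays public: no [Authorize] on this action.
    public async Task<IActionResult> Details(int id)
    {
        var post = await _posts.FindAsync(id);
        return post is null ? NotFound() : View(post);
    }

    // [Authorize] rejects anonymous callers before the body runs (401/redirect).
    // The ownership check below then decides between this author and any other
    // authenticated user (403 via Forbid()).
    [Authorize]
    [HttpPost, ValidateAntiForgeryToken]
    public async Task<IActionResult> Edit(int id, string title, string body)
    {
        var post = await _posts.FindAsync(id);
        if (post is null) return NotFound();

        var result = await _authz.AuthorizeAsync(User, post, PostOperations.Edit);
        if (!result.Succeeded) return Forbid();

        post.Title = title;
        post.Body = body;
        await _posts.UpdateAsync(post);
        return RedirectToAction(nameof(Details), new { id });
    }

    [Authorize]
    [HttpPost, ValidateAntiForgeryToken]
    public async Task<IActionResult> Delete(int id)
    {
        var post = await _posts.FindAsync(id);
        if (post is null) return NotFound();

        var result = await _authz.AuthorizeAsync(User, post, PostOperations.Delete);
        if (!result.Succeeded) return Forbid();

        await _posts.DeleteAsync(id);
        return Redirect("/");
    }
}
```

The split matters for testing: a request with no cookie or token should get 401 (or a login redirect) from [Authorize] alone, while a request from a different signed-in user should load the post and then get 403 from the ownership check. Putting the author comparison in a handler rather than inline keeps Edit and Delete from drifting apart and lets a future "moderator may delete" rule be added as a second handler without touching the controller.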