You are building a blog application where only the blog author should be able to edit or delete a post. How would you use the [Authorize] attribute to achieve this behavior?
- Apply [Authorize] to the Edit and Delete actions
- Apply [Authorize] to the entire controller
- Use [Authorize(Roles = "Admin")] for blog authors
- Use [AllowAnonymous] for blog authors
To ensure that only the blog author can edit or delete a post, you would apply the [Authorize] attribute to the Edit and Delete actions in the controller. This allows you to specify authorization at the action level, and you can further customize it to check if the user making the request is the author of the post being edited or deleted. Applying [Authorize] to the entire controller would restrict access to all actions within it, which is not the desired behavior in this case. [Authorize(Roles = "Admin")] is role-based authorization and doesn't address this scenario, and [AllowAnonymous] would allow everyone, which is the opposite of the desired behavior.
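The author check described above can be implemented with ASP.NET Core resource-based authorization, shown here as an added example that is not part of the original quiz. `Post`, `IPostStore`, `PostOperations`, `PostAuthorHandler` and `PostsController` are hypothetical names, and the example assumes the post stores its author's `NameIdentifier` claim value.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Infrastructure;
using Microsoft.AspNetCore.Mvc;

// Hypothetical model and store; AuthorId holds the author's NameIdentifier claim value.
public class Post { public int Id { get; set; } public string AuthorId { get; set; } = ""; }
public interface IPostStore { Task<Post?> FindAsync(int id); Task DeleteAsync(int id); }

public static class PostOperations
{
    public static readonly OperationAuthorizationRequirement Edit = new OperationAuthorizationRequirement { Name = "Edit" };
    public static readonly OperationAuthorizationRequirement Delete = new OperationAuthorizationRequirement { Name = "Delete" };
}

// Succeeds only when the signed-in user is the post's author.
// Register in DI: services.AddSingleton<IAuthorizationHandler, PostAuthorHandler>();
public class PostAuthorHandler : AuthorizationHandler<OperationAuthorizationRequirement, Post>
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
        OperationAuthorizationRequirement requirement, Post post)
    {
        var userId = context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (!string.IsNullOrEmpty(userId) && userId == post.AuthorId)
            context.Succeed(requirement);   // no Succeed call means the check fails
        return Task.CompletedTask;
    }
}

public class PostsController : Controller
{
    private readonly IPostStore _posts;
    private readonly IAuthorizationService _authz;
    public PostsController(IPostStore posts, IAuthorizationService authz) { _posts = posts; _authz = authz; }

    [Authorize]                      // rejects anonymous callers before the action runs
    [HttpPost, ValidateAntiForgeryToken]
    public async Task<IActionResult> Delete(int id)
    {
        var post = await _posts.FindAsync(id);
        if (post == null) return NotFound();
        // [Authorize] cannot see the post, so ownership is checked once it is loaded.
        var result = await _authz.AuthorizeAsync(User, post, PostOperations.Delete);
        if (!result.Succeeded) return Forbid();
        await _posts.DeleteAsync(id);
        return RedirectToAction("Index");
    }
    // Edit follows the same pattern with PostOperations.Edit.
}
```

Without the `AuthorizeAsync` call, any signed-in user who knows a post id could delete another author's post, because `[Authorize]` on its own only requires an authenticated user.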