Actually I have an ASP.NET MVC web application. Now I have a button which, if a user has sufficient rights, has its visibility set to true or false (using jQuery). Recently, working through Firebug in the browser, I changed its visibility to true. It performed the action (which is wrong).
How to prevent this? Thanks.
You need to perform the authorization on the controller method or parent class that clicking your button invokes.
You can use the AuthorizeAttribute class to decorate your class.
There's more information here on MSDN regarding the Authorize Attribute.
You'll see examples on that page such as:
[Authorize(Roles = "Admin, Super User")]
public ActionResult AdministratorsOnly()
{
    return View();
}
The underlying issue is validation should not be done client side. The client's browser can activate / deactivate anything and change any value.
If the user does not have sufficient permissions, do not render the button at all or (if design requires it) render a disabled button with no link, so that the user could activate it via DOM manipulation but not click.
<% if (((int) ViewData["permission"]) >= 3) { // one of many ways to do this, perhaps not the best but quick. %>
<input type="button" />
<% } %>
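Combining the two answers, as an added example (not code from either answer or from MSDN): the same "permission >= 3" test the view uses to decide whether to render the button is enforced on the server by a filter on the action the button posts to, so a request from a button revealed in Firebug is rejected. `PermissionLookup`, `RequirePermissionAttribute`, `RecordsController` and `Delete` are hypothetical names, the user table is constructed sample data, and ASP.NET MVC 3 or later is assumed.

```csharp
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.Mvc;

// Hypothetical lookup: stands in for however the application already computes
// the value it places in ViewData["permission"].
public static class PermissionLookup
{
    private static readonly Dictionary<string, int> Levels =
        new Dictionary<string, int>(StringComparer.OrdinalIgnoreCase)
        { { "alice", 3 }, { "bob", 1 } }; // constructed sample data

    public static int GetLevel(string userName)
    {
        int level;
        return Levels.TryGetValue(userName ?? "", out level) ? level : 0;
    }
}

// Runs on the server before the action body, whatever the browser DOM looks like.
public class RequirePermissionAttribute : AuthorizeAttribute
{
    private readonly int _minimumLevel;
    public RequirePermissionAttribute(int minimumLevel) { _minimumLevel = minimumLevel; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // base.AuthorizeCore rejects anonymous users; then apply the level check.
        return base.AuthorizeCore(httpContext)
            && PermissionLookup.GetLevel(httpContext.User.Identity.Name) >= _minimumLevel;
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403); // signed in, level too low
        else
            base.HandleUnauthorizedRequest(filterContext);        // anonymous: default 401 handling
    }
}

public class RecordsController : Controller
{
    // The action invoked by the button; level 3 matches the check in the view.
    [HttpPost, RequirePermission(3)]
    public ActionResult Delete(int id)
    {
        // Reached only when the server-side check passed.
        return RedirectToAction("Index");
    }
}
```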