You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Dec 13, 2018. It is now read-only.
I have requirements which requires me to return a 401 or 403 if the request identity is not allowed to access a resource. The resource id is sent in the request in the body or as an id in the query string.
Can I implement this in a Policy, AuthorizationHandler, IAuthorizationRequirement? How can I access the body, querystring?
Or do I have to use ActionFilters to support this?
If not what is the recommended way to support this?
I have requirements which requires me to return a 401 or 403 if the request identity is not allowed to access a resource. The resource id is sent in the request in the body or as an id in the query string.
Can I implement this in a Policy, AuthorizationHandler, IAuthorizationRequirement? How can I access the body, querystring?
Or do I have to use ActionFilters to support this?
If not what is the recommended way to support this?