Posts tagged as "security"

Avoiding magic strings in ASP.NET MVC Authorize filters

Using the standard [Authorize] filter in ASP.NET MVC results in "magic strings"; comma-separated role names to define which roles are authorised to access that action. Take an example of a typical Forms Authentication setup, where you want to restrict an action to users in either the "Administrator" or "Assistant" role: ...