4

Consider that a request is sent to this path:

http://domain/users/1534

This URL is in public security, so everyone can see it without being authenticated in the site (without being logged in).

Now consider that another URL should be secure:

http://domain/admin/update-user

This URL should pass the authentication process.

Now, In my code, somewhere I need to know if the current path is a secure path or not (please don't ask why, and also by secure path I don't mean SSL, I'm just talking about paths for which login is required).

How can I know that HttpContext.Request.Url.AbsolutePath is a secure path?

Update: What I need is something like:

SecurityHelper.ShouldCurrentRequestPathBeAuthenticated(Request.Url.AbsolutePath)
Improve this question

1 Answer 1

Reset to default
3

It depends on how you implement the authorization process. Somewhere you will need to define it, so that's how you know if it's secure path.

Standard ASP.NET would use the location/security settings in this case.

If your using standard authentication/authorization then I believe you can use CheckUrlAccessForPrincipal.

UrlAuthorizationModule.CheckUrlAccessForPrincipal(virtualPath, user, verb);
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I need a method. What do mean by location/security? See the update.
A method based on if you are using standard authorization or do you have your own logic for this?
Standard authorization (FormsAuthentication class).

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.