Hi all,
due to my age (hmm, it sounded like a good excuse at least) I've been clawing myself to the WebForms paradigm for far too long and have decided to take the leap to the ASP.NET MVC (Core and Blazor would be fun, but unfortunately many of the hosting services I have to work with don't support it yet).
One question that struck me though is regarding security and authentication?
How do one make sure that the calls for instance the .Read, .Update or .Destroy on the Kendo UI Grid is only accessible if a user is logged on?
Hello Johannes,
Thank you for writing to us.
To restrict unauthenticated users from accessing an endpoint, you can use the Authorize attribute. In particular, you use the Authorize attribute when you want to restrict access to an action method and make sure that only authenticated users can execute it.
https://docs.microsoft.com/en-us/dotnet/api/system.web.mvc.authorizeattribute?view=aspnet-mvc-5.2
[Authorize] public ActionResult Items_Read([DataSourceRequest] DataSourceRequest request)