I am learning how ASP.NET Razor works and wondering how I implement data security within my application.

I've followed the tutorial here (https://docs.microsoft.com/en-us/aspnet/core/tutorials/razor-pages/?view=aspnetcore-2.2) but am now at the point where I would like to start limiting records returned and preventing access to certain entries.

For simplicity, I have 2 simple tables:

Sites - List of all the sites
SiteID (int/pk), SiteCode (nvarchar(6)), SiteName (nvarchar(100))

UserSites - List of Sites user has access to
UserID (int), SiteID (int)

Currently, when it loads using EF, it loads all records of my "sites". I would like to cross-check my UserSites table and only load the sites the user has visible. Going forward, how do I also prevent the user from just putting the SiteID within the web link (Sites/Edit?id=3) and editing/accessing items they aren't supposed to?

I'm coming from WinForms/direct SQL queries, so my knowledge/experience around this area is quite new. Appreciate any guidance.

Cheers

Stephen Pefanis
0 Answers