Securing the back-end action methods

Before testing our authentication and authorization implementation, we should spend two more minutes protecting our back-end routes, just like we did with the front-end ones. As we already know, we can do that using AuthorizeAttribute, which can restrict access to Controllers and/or action methods to registered users only.

To effectively shield our .NET Core Web API against unauthorized access attempts, it can be wise to use it on the PUT, POST, and DELETE methods of all our Controllers in the following way:

  1. Open the /Controllers/CitiesController.cs file and add the [Authorize] attribute to the PutCity, PostCity, and DeleteCity methods:
     using Microsoft.AspNetCore.Authorization;

     // ...

     [Authorize]
     [HttpPut("{id}")]
     ...
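
Since the attribute has to be repeated on every PUT, POST, and DELETE method of every Controller, it is easy to miss one. The following check is an added example, not code from the book: it uses reflection to list write actions that an anonymous caller could still reach. The AuthorizeAudit class and its method name are hypothetical; the attribute types are the standard ASP.NET Core ones.

```csharp
// Added example (not from the book): find PUT/POST/DELETE actions lacking [Authorize].
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Routing;

public static class AuthorizeAudit  // hypothetical helper name
{
    private static readonly HashSet<string> WriteVerbs =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "PUT", "POST", "DELETE" };

    // Returns "Controller.Action" for each write action reachable without authentication.
    public static List<string> FindUnprotectedWriteActions(Assembly assembly)
    {
        var findings = new List<string>();
        var controllers = assembly.GetTypes()
            .Where(t => !t.IsAbstract && typeof(ControllerBase).IsAssignableFrom(t));

        foreach (var controller in controllers)
        {
            // [Authorize] on the class covers all of its actions;
            // [AllowAnonymous] at either level bypasses [Authorize].
            bool ctrlAuth = controller.IsDefined(typeof(AuthorizeAttribute), inherit: true);
            bool ctrlAnon = controller.IsDefined(typeof(AllowAnonymousAttribute), inherit: true);

            foreach (var action in controller.GetMethods(BindingFlags.Public | BindingFlags.Instance))
            {
                // Only actions carrying [HttpPut], [HttpPost] or [HttpDelete] are audited.
                bool isWrite = action.GetCustomAttributes<HttpMethodAttribute>(inherit: true)
                    .SelectMany(a => a.HttpMethods)
                    .Any(WriteVerbs.Contains);
                if (!isWrite) continue;

                bool authorized = ctrlAuth || action.IsDefined(typeof(AuthorizeAttribute), inherit: true);
                bool anonymous = ctrlAnon || action.IsDefined(typeof(AllowAnonymousAttribute), inherit: true);
                if (!authorized || anonymous)
                    findings.Add($"{controller.Name}.{action.Name}");
            }
        }
        return findings;
    }
}
// Usage, e.g. from a unit test: the returned list should be empty.
// var gaps = AuthorizeAudit.FindUnprotectedWriteActions(typeof(CitiesController).Assembly);
```

The check only inspects attributes, so it does not see authorization applied through global filters or policies configured elsewhere, and it skips actions that declare no HTTP verb attribute.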
