Scenario 1: Assume I have an Angular client with the implicit grant type. I am also using ASP.NET Identity to log in with database users. I log in as user Bob. I access my list of cars. For each car I have an option to edit my car. Each row has an edit button and the id of the car.
Example of the GET URL in each row: http://localhost:5000/cars/id/1
Let's say I randomly enter some car id: http://localhost:5000/cars/id/345, which is another user's car.
How does Identity Server protect other users' data in this situation?
Scenario 2: Let's have Identity Manager set up with Identity Server OpenID authentication. Which username and password are we authenticating with to gain access to Identity Manager to manage users? If it is a user from the ASP.NET Identity database, then every user in there can access Identity Manager...?
They don’t. It’s not the responsibility of Identity Server. Identity Server’s main responsibility is to take care of authentication.
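Added example, not part of the original answer or of any project's code: a sketch of the per-resource ownership check the API behind `/cars/id/{id}` would have to make itself, since the token only identifies the caller. The `Car` record, the `CarAccess` class, the in-memory store and the `bob-sub` / `alice-sub` subject ids are all constructed for illustration.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Hypothetical model: each car row stores the subject id of its owner.
public record Car(int Id, string OwnerSub, string Model);

public enum Access { Ok, NotFound, Unauthenticated }

public static class CarAccess
{
    // Constructed sample data standing in for the cars table.
    static readonly Dictionary<int, Car> Cars = new()
    {
        [1]   = new Car(1, "bob-sub", "Bob's hatchback"),
        [345] = new Car(345, "alice-sub", "Alice's estate"),
    };

    // The token proves who the caller is; whether that caller may read
    // car `id` is decided here, by the API, on every request.
    public static (Access, Car?) GetCar(ClaimsPrincipal user, int id)
    {
        if (user.Identity?.IsAuthenticated != true)
            return (Access.Unauthenticated, null);

        // Assumption: the subject arrives as "sub". With the default JWT claim
        // mapping in ASP.NET it may appear as ClaimTypes.NameIdentifier instead.
        var sub = user.FindFirst("sub")?.Value;
        if (sub is null)
            return (Access.Unauthenticated, null);

        // Same result for "no such car" and "someone else's car", so that
        // guessing ids reveals nothing about which ids exist.
        if (!Cars.TryGetValue(id, out var car) || car.OwnerSub != sub)
            return (Access.NotFound, null);

        return (Access.Ok, car);
    }

    public static void Main()
    {
        var bob = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim("sub", "bob-sub") }, authenticationType: "Bearer"));
        var anonymous = new ClaimsPrincipal(new ClaimsIdentity());

        Console.WriteLine(GetCar(bob, 1).Item1);        // Bob's own car
        Console.WriteLine(GetCar(bob, 345).Item1);      // another user's car
        Console.WriteLine(GetCar(anonymous, 1).Item1);  // no token at all
    }
}
```

In a controller, the `Access` result would map to 200, 404 and 401 respectively, with `User` supplied by the authentication middleware.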