You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/in-depth/server/index.md
+5Lines changed: 5 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -200,6 +200,11 @@ To use this access control provider, update your `TableController` as follows:
200
200
201
201
If you want to allow both unauthenticated and authenticated access to a table, decorate the controller with `[AllowAnonymous]` instead of `[Authorize]`.
202
202
203
+
!!! warning
204
+
It is very easy to accidentally leak data for a different user when using access control providers to limit the data. If the operation is create and the entity that exists is for another user, the response will contain the information for the other user.
205
+
206
+
To prevent this data leakage case, it is important to add a filtering that ensures the data being returned is for the same user.
207
+
203
208
## Configure logging
204
209
205
210
Logging is handled through [the normal logging mechanism](https://learn.microsoft.com/aspnet/core/fundamentals/logging/?view=aspnetcore-10.0) for ASP.NET Core. Assign the `ILogger` object to the `Logger` property:
0 commit comments