Insecure Access Control

Why is this important?

Access Control is one of the most fundamental security requirements. Any problems with managing access control can allow attackers to bypass business logic and access data from other users.

Check out this video for a high-level explanation:

Access Control Issues

References:

Fixing Insecure Access Control

Option A: Avoid mixing OutputCache with Authorize annotations

Putting the annotation [OutputCache] on an action inside an [Authorize] controller means that only the first request runs the authorization check. The rendered response is stored by the output cache, and every following request within the cache window is served from that cache without the [Authorize] filter running again, so unauthenticated users can receive the protected page.

Detailed Instructions

  1. Go through the issues that GuardRails identified in the PR.

  2. Locate the following pattern:

    [Authorize]
    public class AdminController : Controller
    {
        // Vulnerable: the first authorized response is cached and then replayed
        // to later requests without the [Authorize] filter running again.
        [OutputCache]
        public ActionResult Index()
        {
            return View();
        }
    }
  3. And modify it as shown below:

    [Authorize]
    public class AdminController : Controller
    {
        // Fixed: no output caching on the authorized action, so every request
        // passes through [Authorize] before the action executes.
        public ActionResult Index()
        {
            return View();
        }
    }
  4. Test it, ship it 🚢 and relax 🌴
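The following is an added example, not code from the GuardRails page or from any project it describes. It assumes ASP.NET MVC 5 on System.Web; the controller, action and role names are illustrative. It goes slightly beyond the page's snippet: it shows the authorized controller with caching removed, the variant to use when a caching attribute cannot be dropped (caching switched off with NoStore, Duration = 0 and Location = OutputCacheLocation.None, so the authorization filter still runs on every request), and a separate controller where output caching is safe because the content is public and not user-specific.

```csharp
using System.Web.Mvc;
using System.Web.UI;

// Added example (assumed ASP.NET MVC 5); names are illustrative, not from the page.

// Authenticated area: no [OutputCache] anywhere in this controller, so the
// AuthorizeAttribute filter runs before the action on every request.
[Authorize(Roles = "Admin")]
public class AdminController : Controller
{
    public ActionResult Index()
    {
        // Per-user content is rendered fresh each time and never stored.
        return View();
    }
}

// If a convention in the code base requires an [OutputCache] attribute on an
// authorized action, disable storage explicitly. With Duration = 0 and
// Location = None nothing is cached server-side, NoStore = true adds
// Cache-Control: no-store for the client, and [Authorize] still runs per request.
[Authorize]
public class ProfileController : Controller
{
    [OutputCache(NoStore = true, Duration = 0, Location = OutputCacheLocation.None)]
    public ActionResult Details()
    {
        return View();
    }
}

// Public, user-independent content lives in its own controller without
// [Authorize]; here output caching is safe because the response is identical
// for every caller and contains nothing per-user.
public class StatusController : Controller
{
    [OutputCache(Duration = 60, VaryByParam = "none")]
    public ActionResult Index()
    {
        return Content("OK");
    }
}
```

When reviewing a fix, check both directions: no action reachable only through an [Authorize] controller (or an [Authorize] action) carries an [OutputCache] with a positive Duration, and no cached public action renders anything derived from the current user's identity or session.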

More information: