skip to Main Content

I’ve tried to improve my site’s security, & one of things I’ve tried is when a user is not admin & wants to access admin page, system returns NotFound. This makes impossible to a hacker to know your admin page. But how to do it?
This is what I’ve tried to. I’ve made a Middleware in program.cs to check for URL & redirect somewhere, which isn’t what I want. Even I’ve tried to set the status code to 404, but that doesn’t works. what I want to access here, is return NotFound (); Method. Is there a way to do it. Thanks

app.Use (async (context, next) =>
{
    if (context.Request.Path.StartsWithSegments ("/Admin"))
    {
        if (/* Checking if user is not admin */)
        {
            // context.Response.Redirect ("/");
            // The code to do same as return NotFound ();
        }
    }
    await next.Invoke ();
});

3

Answers


  1. // Write response
    context.Response.StatusCode = ((int)HttpStatusCode.NotFound);
    
    return;
    
    Login or Signup to reply.
  2. There’s also a better way I realized that doesn’t needs using Microsoft.Net:

    context.Response.StatusCode = 404;
    return;
    
    Login or Signup to reply.
  3. context.Response.StatusCode = StatusCodes.Status404NotFound;
    
    return;
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search