Preventing Broken Object Level Authorisation in ASP.NET Core APIs
An authenticated user calls your API with a valid access token. The token contains the right role and the endpoint requires authorisation. Everything appears secure. The user then changes /claims/8d61
Jul 18, 202610 min read1

