How to allow only specific users to specific pages when using query parameters like ...?id=3

I have a page that shows some data depending on the id param in request.

The user must be logged in

How should I stop the user from accessing certain ids that belong to other users. Is redirect the best choice?

Solution

You can check on the server-side before rendering the page, then redirect...etc:

void Page_Load(object sender, EventArgs e)
{    
    string bla = Request["key"] != null ? Request["key"] : "";
    if(String.IsNullOrEmpty(bla))
    if (bla=="yourvaluetocheck" && !User.IsInRole("theroletouse"))
    {
        Response.Redirect("~/permissiondenied.aspx");
    }
}

This a very simple example, I would put this type of logic in a central place in my application for re-use.

jQuery UI " $("#datepicker").datepicker is not a function"
Why do nested locks not cause a deadlock?
How import WebApplicationBuilder in a Class Library?
video file loaded sucussefully when run my website locally but not after publishing
Does the client knowing all the endpoint names pose a security risk?
Paging, sorting, searching on Ajax View in asp.net mvc
Dynamically added ListBox's EventHandler is not firing on ASP.Net
Asp.Net Core create a controller to send emails using SendGrid
How to constrain a POST call to just one submit button in ASP.NET Web pages?
Resx file default 'internal' to 'public'
How do I attach the debugger to IIS instead of ASP.NET Development Server?
Publishing ASP.NET Core 7 Web API on Windows Plesk - error: Could not load file or assembly 'Microsoft.Data.SqlClient'
Invoking SignalR from Postman
Parse ajax json response
How to update a List<> item's property in C#
In-line validation with dynamic components in Blazor/Mudblazor
How do I pass a Model from a View, to another view, without data getting Lost?
Process.Start(...) Suddenly Fails when Called by ASP.NET MVC 5 Running in IIS on Windows 10 and Windows Server 2019
How do you include a non-referenced dll when publishing a web application?
IIS 7.5 only shows directory list or 403 instead of ASP.NET Application
The request was aborted: Could not create SSL/TLS secure channel
Entity Framework vs Direct Data Access
How can I set Async="true" for all pages?
How do I encrypt URLs in ASP.NET MVC?
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'
Publish ASP.NET app without certain folders
Multiple database in one transaction in Entity Framework
VSTS Build Pipeline: Test fails connecting to Azure Key Vault
How to Get BootStrapper.exe work in Windows Azure?
How to fix "No .NET SDKs were found." error--VSCode