Maybe the answer to the following is simple, but I have hard time finding the answer:
When I have a GET method in a controller that is secured with the [Authorize] attribute, and a POST method (defined with [HttpPost]), will the same restrictions apply to it as well? Both methods have the same name, but differ in parameters.
Example code:
[Authorize(Roles = "Administrator")]
public ActionResult Delete()
{
return View();
}
[HttpPost]
public ActionResult Delete(int id)
{
/* the method's logic omitted */
return RedirectToAction("Index");
}
No, the controller considers these two separate actions (since that's what they are), and as such, don't share restrictions.