I have a project which contains Company and Agency users.
I have a problem while I'm trying to show their data. For example: an agency can see another agency's data if they change the value in the web browser search bar. I want to block that vulnerability but I don't know how to do that.
I will be doing this for the first time, so thanks for any suggestions!
As I understood from you in the comments, by the term search bar you mean the URL bar in the browser.
My best answer would be to add a Guid in the Company model and map it to a uniqueidentifier in the SQL Server database, and when the value is inserted you generate a uniqueidentifier for this company.
Then you start getting the company by that object key, so that the final product will be something like this:
http:///companyinfo?id=DE653F58-AB12-43F9-95CD-A7C3A856340A
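
An added example, not part of the original answer or the asker's project: the Guid lookup described above, with the record's owner also compared against the signed-in agency, since a Guid in the URL can still be shared, logged or bookmarked. `OwnerAgencyId`, `CompanyStore` and `GetForAgency` are hypothetical names, and the in-memory dictionary stands in for the SQL Server table.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical model: PublicId is the Guid from the answer (a uniqueidentifier
// column in SQL Server); OwnerAgencyId is an assumed column naming the owner.
public sealed class Company
{
    public Guid PublicId { get; init; } = Guid.NewGuid();
    public int OwnerAgencyId { get; init; }
    public string Name { get; init; } = "";
}

public sealed class CompanyStore
{
    private readonly Dictionary<Guid, Company> _byPublicId = new();

    public void Add(Company c) => _byPublicId[c.PublicId] = c;

    // Returns the company only when the raw id parses, the record exists,
    // and it belongs to the calling agency. All three failures return null
    // so that a caller cannot tell "not yours" from "does not exist".
    public Company? GetForAgency(string? rawId, int callerAgencyId)
    {
        if (!Guid.TryParse(rawId, out var id)) return null;
        if (!_byPublicId.TryGetValue(id, out var company)) return null;
        return company.OwnerAgencyId == callerAgencyId ? company : null;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data.
        var store = new CompanyStore();
        var acme = new Company { OwnerAgencyId = 1, Name = "Acme" };
        var globex = new Company { OwnerAgencyId = 2, Name = "Globex" };
        store.Add(acme);
        store.Add(globex);

        // callerAgencyId must come from the authenticated session, never the URL.
        const int signedInAgency = 1;
        Console.WriteLine(store.GetForAgency(acme.PublicId.ToString(), signedInAgency)?.Name ?? "404");   // own record
        Console.WriteLine(store.GetForAgency(globex.PublicId.ToString(), signedInAgency)?.Name ?? "404"); // other agency's record
        Console.WriteLine(store.GetForAgency("17", signedInAgency)?.Name ?? "404");                       // not a Guid
    }
}
```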