views:

42

answers:

1

A user can't edit/view the records of other users. Edit/View is allowed only to the owner of the record. When the user passes the id of another user's record, the application allows him to edit it.

I need to verify the ownership before editing or viewing the record.

My question is almost the same as this.

http://stackoverflow.com/questions/1417248/asp-net-mvc-verify-that-editing-record-is-allowed-ownership

A: 

Get the logged-in user -

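    // Requires: using System; using System.Web.Security;
    // Returns the ProviderUserKey of the logged-in user, or null if nobody is logged in.
    public static Guid? LoggedInUserGuid()
    {
        // false = do not update the user's last-activity timestamp
        var loggedInUser = Membership.GetUser(false);
        if (loggedInUser != null)
        {
            // Reuse the user already fetched instead of querying the provider again
            return (Guid)loggedInUser.ProviderUserKey;
        }

        return null;
    }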

If the LoggedInUserGuid is the same as the request record then ... else ....

The_Butcher
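The ownership comparison described in the answer, placed in an ASP.NET MVC controller so that both viewing and saving go through the same check. This is an added example, not code from the original post: `Record`, `OwnerId`, `RecordsController`, `LoadOwned` and the in-memory `Store` are hypothetical names, and it assumes the membership provider's `ProviderUserKey` is a `Guid`, as in the answer.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical model: OwnerId holds the owner's ProviderUserKey.
public class Record
{
    public int Id { get; set; }
    public Guid OwnerId { get; set; }
    public string Title { get; set; }
}

[Authorize] // anonymous requests never reach the actions
public class RecordsController : Controller
{
    // Constructed in-memory store standing in for the real data layer.
    private static readonly Dictionary<int, Record> Store = new Dictionary<int, Record>();

    // Returns null and sets record when the current user owns it;
    // otherwise returns the result to send back. The owner is taken from
    // the authenticated session, never from a request parameter.
    private ActionResult LoadOwned(int id, out Record record)
    {
        record = null;
        var user = Membership.GetUser(false);
        Record found;
        if (user == null || !(user.ProviderUserKey is Guid)) return HttpNotFound();
        if (!Store.TryGetValue(id, out found)) return HttpNotFound();
        // Same response for "missing" and "not yours", so ids cannot be probed.
        if (found.OwnerId != (Guid)user.ProviderUserKey) return HttpNotFound();
        record = found;
        return null;
    }

    public ActionResult Edit(int id)
    {
        Record record;
        return LoadOwned(id, out record) ?? View(record);
    }

    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Edit(int id, string title)
    {
        Record record;
        var denied = LoadOwned(id, out record);
        if (denied != null) return denied;
        record.Title = title; // bind only editable fields, never OwnerId
        return RedirectToAction("Edit", new { id });
    }
}
```

The POST action repeats the check because hiding the edit form alone does not stop a request that submits another record's id directly.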