What would be the best way to verify URLs in a multi-tenant architecture web app to make sure that a user from one org does not get access to another org's data simply by changing the query string parameters? I don't want to be doing a verification on each page load. The app is being built on ASP.NET 3.5.

+2  A: 

You really shouldn't be controlling access to data based on the URL. You should restrict data access by user authentication, and unfortunately that means that you will have to verify on each page load, or more specifically on each data access.

Adam
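
The check on each data access that the answer describes can live in one place instead of in every page. The sketch below is an added example, not code from the original answer; `Invoice`, `TenantScopedInvoices` and the sample rows are hypothetical names and constructed data, and it assumes the org id is resolved from the authenticated user on the server.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical entity: every tenant-owned row carries its owning org's id.
public class Invoice
{
    public int Id { get; set; }
    public int OrgId { get; set; }
    public decimal Amount { get; set; }
}

// Hypothetical repository, bound to one org for the lifetime of a request.
// The org id is looked up server-side from the logged-in user (for example
// keyed on HttpContext.Current.User.Identity.Name), never read from the URL.
public class TenantScopedInvoices
{
    private readonly IQueryable<Invoice> _source;
    private readonly int _orgId;

    public TenantScopedInvoices(IQueryable<Invoice> source, int authenticatedOrgId)
    {
        _source = source;
        _orgId = authenticatedOrgId;
    }

    // The record id may come from the query string; the org filter is applied
    // regardless, so another org's id yields null and the page can answer 404.
    public Invoice Find(int id)
    {
        return _source.SingleOrDefault(i => i.Id == id && i.OrgId == _orgId);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data standing in for a database table.
        var rows = new List<Invoice> {
            new Invoice { Id = 1, OrgId = 10, Amount = 50m },
            new Invoice { Id = 2, OrgId = 20, Amount = 75m }
        }.AsQueryable();

        var repo = new TenantScopedInvoices(rows, 10); // user belongs to org 10
        Console.WriteLine(repo.Find(1) != null);       // lookup of own record
        Console.WriteLine(repo.Find(2) != null);       // lookup of other org's record
    }
}
```

Because pages only ever receive the scoped repository, a changed query string parameter can select a different record id but cannot widen the org filter.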