Base solution for your next web application
Open Closed

Can We use Impersonation for Toke Based Authentication #5005


User avatar
0
ni3rk created

Hi,

we can able to Call any api using token generated from portal in postman. How we can restrict User to not call any API using that token, and How we are going to Validate token is send by that user who has created it ?


1 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    @Ni3rk if you want to restrict some users from calling specific APIs, you can use Permissions, see <a class="postlink" href="https://aspnetboilerplate.com/Pages/Documents/Zero/Permission-Management">https://aspnetboilerplate.com/Pages/Doc ... Management</a>.

    Just define a permission, use it on the service or specific method you want and then assign this permission to a specific user or role you want that user/role to call this API.