Reputation: 549
I've been following a series of videos on how to create a web API using MVC 4. The sixth video describes the authorization process, but it is both too complex for what I want, and it somehow redirects to a form (which makes no sense to me, but then I'm new to this stuff).
I've used APIs from other sites, and they usually use one of 2 methods:
a token in the url (http://myurl/api/service/?token=[bunch of characters here])
a username or password (or token) in the header
I'm leaning towards the second method, as it means I wouldn't have to add a parameter to each of my methods.
If I use this approach, do I need to add code to the beginning of each method to check the headers (request.headers?) for username/password (then find them in our database and see if they have permission to access this method)...Or is there a simpler way of doing this?
Upvotes: 2
Views: 5241
Reputation: 1409
You can mark your Controller class with an attribute which is derived from AuthorizationFilterAttribute. http://msdn.microsoft.com/en-us/library/system.web.http.filters.authorizationfilterattribute(v=vs.108).aspx
In this case you will not need to write authorization checks in every method, but only in one place. This approach is well described under the following link:
Upvotes: 4
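A sketch of the filter approach from the answer above, added here as an example and not taken from the original posts or the linked documentation. The class name `ApiTokenAuthorizeAttribute`, the `Token` header scheme, the `Role` property and the in-memory dictionary (a stand-in for the database lookup, holding one constructed entry) are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

// Hypothetical filter: checks "Authorization: Token <value>" once, before any action runs.
public class ApiTokenAuthorizeAttribute : AuthorizationFilterAttribute
{
    public string Role { get; set; } // optional, e.g. [ApiTokenAuthorize(Role = "admin")]

    // Stand-in for the database: hash of the token -> caller. The entry is constructed.
    // Storing only the hash means a leaked table does not reveal usable tokens.
    private static readonly Dictionary<string, GenericPrincipal> Users =
        new Dictionary<string, GenericPrincipal>
        {
            { Hash("constructed-demo-token"),
              new GenericPrincipal(new GenericIdentity("alice"), new[] { "reader" }) }
        };

    public override void OnAuthorization(HttpActionContext actionContext)
    {
        HttpRequestMessage request = actionContext.Request;
        AuthenticationHeaderValue header = request.Headers.Authorization;
        GenericPrincipal user;
        if (header == null || string.IsNullOrEmpty(header.Parameter)
            || !string.Equals(header.Scheme, "Token", StringComparison.OrdinalIgnoreCase)
            || !Users.TryGetValue(Hash(header.Parameter), out user))
        {
            // Missing or unknown credential: 401, and name the expected scheme.
            // Setting Response stops the pipeline, so the action never executes.
            actionContext.Response = request.CreateResponse(HttpStatusCode.Unauthorized);
            actionContext.Response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Token"));
            return;
        }
        if (Role != null && !user.IsInRole(Role)) // known caller without permission: 403
            actionContext.Response = request.CreateResponse(HttpStatusCode.Forbidden);
        else
            Thread.CurrentPrincipal = user; // actions can read the caller's identity
    }

    private static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }
}
```

Placing `[ApiTokenAuthorize]` on a controller class covers every action in it, and placing it on a single action covers only that method. A credential sent in a header is readable by anyone who can see the request, so the API should accept it over HTTPS only.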