CODEWITHSUNDEEP
breeze
Rave
Rave

Reputation: 53

How to authorize BreezeController webapi call

I created a new MVC4 Application and install nuget package Breeze.MVC4WebApiClientSample

Inside the BreezeSampleController, i added an "Authorize" attribute. When i browse to here http://localhost:XXXXX/api/BreezeSample/todos, i can still see the data.

How can i authorize the call? I tried to remove the BreezeController attribute and add these [ODataActionFilter, JsonFormatter] but i have another error (The action 'Posts' on controller 'Posts' ..... cannot support querying)

Upvotes: 0

Views: 762

Answers (2)

Jay Traband
Jay Traband

Reputation: 17052

As of breeze v0.82.1, this should now be fixed. The BreezeController attribute will no longer cause the removall of any authorization attributes.

Upvotes: 1

Ward
Ward

Reputation: 17863

My bad. The [BreezeController] attribute was too aggressive in removing ambient action filters; it apparently removed the filter responsible for the [Authorize] attribute. I have a fix that is currently under review.

The "[ODataActionFilter, JsonFormatter]" formula didn't suffer from this problem because it didn't remove any existing filters. Of course that was a problem too. If you used the new ASP.NET MVC SPA template ... and I think you are! ... then its QueryFilterProvider conflicted with our ODataActionFilter ... which is why we invented the [BreezeController] attribute and why, I think, that you're getting the error about not supporting querying. Can you confirm that you built your app from that SPA template?

Btw ... what 'Posts' action are you talking about? The "Breeze.MVC4WebApiClientSample" does not have such an action.

In any case, we expect to have the [BreezeController] attribute working properly with [Authorize] very soon.

Upvotes: 1

Related Questions