Reputation: 27955
How to specify user name and password for Web API GET request
ASP.NET MVC4 WebAPI application uses forms authentication for WebAPI:
[Authorize]
public class EntityController : APIBase
{
public HttpResponseMessage Get(string id,
string _sidx = null,
string _sord = null,
uint _page = 1,
uint _rows = 100,
string _filters = null,
int? _dokumnr = null,
int? _vmnr = null,
string _isik = null,
uint _npage = 1,
bool _unpaid = false,
uint _layout = 0,
string _culture = null
)
{
....
This requires passing authentication cookie. How to allow to call Get() method from browser url.
user name and password can specified in URL using
http:://user:[email protected]/API/Entity/Customer
or as query strings
http:://mysite.com/API/Entity/Customer?user=myuser&password=mypass
How to get user and password in API controller and log on by validation those credentials using form authentication just like Authorize attribute does ?
Or is there better way to invoke this API method from browser url `?
Upvotes: 3
Views: 3229
Answers (1)
Reputation: 1974
First of all, you should use ViewModels, because your Actions have a lot parameters, and for security reasons you should not pass the username and password via querystring. If you have a scenario more specific, you could create your own [Authorize] filter, and put your validation logic in there. Your authentication information, will hit the server via request Header.
Upvotes: 1
Related Questions
- how to add Authentication to web api
- MVC user Authentication using Web API
- asp.net web api - How to authenticate user
- How to Setup Authentication for Web API?
- Authorization and Authentication ASP.Net web api
- How do I achieve authorization with asp.net-web-api?
- How to use authentication with MVC Web API?
- Web API Request - Send back authentication request
- Authenticating via http using the web api in asp.net
- authorization in asp.net mvc 4 web api