Alexander

Reputation: 20224

Secure WebAPI via Global filter

I found that I can secure all MVC Controllers in an MVC app by just adding the line

filters.Add(new System.Web.Mvc.AuthorizeAttribute());

to RegisterGlobalFilters. My ApiControllers still have to be secured by manually adding the [Authorize] attribute. Is there a similar line that I can add to secure all my WebAPI ApiControllers as well?

The [Authorize] Attribute of WebAPI is in System.Web.Http.AuthorizeAttribute, but I did not succeed with

filters.Add(new System.Web.Http.AuthorizeAttribute());

which throws the error

The given filter instance must implement one or more of the following filter interfaces: IAuthorizationFilter, IActionFilter, IResultFilter, IExceptionFilter.

Upvotes: 1

Views: 2421

Answers (1)

Knelis

Reputation: 7119

I'm assuming you're registering against the GlobalFilterCollection in your question, but that applies to MVC. You need to register the AuthorizeAttribute in WebApiConfig.cs:

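using System.Web.Http; // AuthorizeAttribute below is System.Web.Http.AuthorizeAttribute, not the MVC one

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Applies [Authorize] to every ApiController action
        config.Filters.Add(new AuthorizeAttribute());

        // Other web api config rules...
    }
}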

Upvotes: 5
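
An added example, not part of the answer above: both filter pipelines registered side by side with fully qualified types, an explicit [AllowAnonymous] opt-out, and a check that the Web API filter is still registered. OrdersController, HealthController and RequiresAuthenticationByDefault are hypothetical names, and the default route is assumed.

```csharp
using System.Linq;
using System.Web.Http;

// MVC pipeline: GlobalFilterCollection accepts only System.Web.Mvc filters.
public class FilterConfig
{
    public static void RegisterGlobalFilters(System.Web.Mvc.GlobalFilterCollection filters)
    {
        filters.Add(new System.Web.Mvc.AuthorizeAttribute());
    }
}

// Web API pipeline: HttpConfiguration.Filters accepts System.Web.Http filters.
public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Deny by default: every ApiController action now requires an authenticated user.
        config.Filters.Add(new System.Web.Http.AuthorizeAttribute());

        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional });
    }

    // Hypothetical helper for a unit test or startup check: true only if the
    // global Web API authorization filter is still registered.
    public static bool RequiresAuthenticationByDefault(HttpConfiguration config)
    {
        return config.Filters.Any(f => f.Instance is System.Web.Http.AuthorizeAttribute);
    }
}

// Hypothetical controller: no attribute needed, the global filter protects it.
public class OrdersController : ApiController
{
    public string Get() { return User.Identity.Name; }
}

// Hypothetical controller: the one endpoint deliberately left open.
public class HealthController : ApiController
{
    [System.Web.Http.AllowAnonymous] // explicit, reviewable opt-out
    public string Get() { return "ok"; }
}
```

The opt-out has to be System.Web.Http.AllowAnonymousAttribute; the System.Web.Mvc attribute of the same name is a different type and is not honored by the Web API filter.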
