官术网_书友最值得收藏!

Authentication and authorization

We have created a simple web API that returns the list of contacts or specific contacts by ID. This web API can be accessed by any client that supports HTTP and is not secured enough. With the help of authentication and authorization mechanisms, we can secure this web API from unauthorized access.

  • Authentication mechanism helps in identifying the valid user and authenticating them using the identity of the user. Here, the identity can be a username and password.
  • Authorization mechanism helps in restricting unauthorized access to an action. For example, An unauthorized user can get the list of contacts. But he is restricted to create new contact.

Authentication

Authentication is carried out in the host Internet Information Service (IIS) for web API. Internet Information Service uses HTTP modules for authentication. We can also implement custom authentication with our own HTTP module.

The host creates a principal when it authenticates the user. Principal is an IPrincipal object that represents the security context under which the code is running. You can access the current principal from Thread.CurrentPrincipal, which is attached by the host. The user information can be accessed from the Identity object of principal. The Identity.IsAuthenticated property returns true if the user is authenticated. The Identity.IsAuthenticated will return false if the user is not authenticated.

Authorization

Authorization happens after successful authentication is provided to the controller. It helps you to grant access to resources when more granular choices are made.

For any unauthorized requests, the authorization filter returns an error response and does not allow the action to be executed. This happens as the authorization filters will be executed first before any statements in the controller action.

主站蜘蛛池模板: 甘谷县| 平乐县| 宁化县| 宜兰县| 蒲城县| 辉县市| 平阳县| 昭苏县| 汉源县| 张家港市| 裕民县| 额济纳旗| 喜德县| 宾川县| 怀安县| 垦利县| 岑溪市| 兴和县| 绥阳县| 武城县| 贵州省| 英山县| 镇坪县| 措勤县| 莫力| 德令哈市| 德安县| 无锡市| 德格县| 秭归县| 曲阜市| 江源县| 卢龙县| 临安市| 平遥县| 安新县| 株洲县| 丰镇市| 蒲城县| 平阳县| 波密县|