
Using the [Authorize] attribute

AuthorizeAttribute checks whether the user is authenticated. If the user is not authenticated, an Unauthorized error with HTTP status code 401 is returned and the corresponding action is not invoked. Web API lets you apply the filter in three ways: at the global level, at the controller level, or at the individual action level.

Global authorization filter

To apply the authorization filter to all Web API controllers, add the AuthorizeAttribute filter to the global filter list in the Global.asax file, as shown below:

public static void Register(HttpConfiguration config)
{
    config.Filters.Add(new AuthorizeAttribute());
}

Controller level authorization filter

To apply an authorization filter to a specific controller, decorate the controller with the filter attribute, as shown in the following code:

// Require authorization for all actions on the controller.
[Authorize]
public class ContactsController : ApiController
{
    public IEnumerable<Contact> GetAllContacts() { ... }
    public IHttpActionResult GetContact(int id) { ... }
}

Action level authorization filter

To apply an authorization filter to specific actions, add the attribute to the action method, as shown in the following code:

public class ContactsController : ApiController
{
    public IEnumerable<Contact> GetAllContacts() { ... }

    // Require authorization for a specific action.
    [Authorize]
    public IHttpActionResult GetContact(int id) { ... }
}
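
With controller-level and action-level filters, any action left undecorated (GetAllContacts in the listing above) is reachable without authentication. The following is an added example, not code from the book: a reflection check that lists such actions. AuthorizationAudit, FindUnmarkedActions, the Contact class and the method bodies are hypothetical, and a reference to the Microsoft.AspNet.WebApi.Core package is assumed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Http; // assumption: Microsoft.AspNet.WebApi.Core is referenced

public static class AuthorizationAudit // hypothetical helper, not a Web API type
{
    // Returns "Controller.Action" for every public action that has neither
    // [Authorize] nor [AllowAnonymous] on the method or on its controller.
    // Filters added through config.Filters are not visible to reflection.
    public static IList<string> FindUnmarkedActions(Assembly assembly)
    {
        return assembly.GetTypes()
            .Where(t => t.IsClass && !t.IsAbstract && typeof(ApiController).IsAssignableFrom(t))
            .Where(t => !IsMarked(t))
            .SelectMany(t => t.GetMethods(BindingFlags.Public | BindingFlags.Instance)
                // Skip members inherited from ApiController itself and from object.
                .Where(m => m.DeclaringType != typeof(ApiController)
                         && typeof(ApiController).IsAssignableFrom(m.DeclaringType))
                .Where(m => !m.IsSpecialName && !m.IsDefined(typeof(NonActionAttribute), true) && !IsMarked(m))
                .Select(m => t.Name + "." + m.Name))
            .OrderBy(n => n)
            .ToList();
    }

    private static bool IsMarked(MemberInfo member)
    {
        return member.IsDefined(typeof(AuthorizeAttribute), true)
            || member.IsDefined(typeof(AllowAnonymousAttribute), true);
    }
}

// Constructed sample mirroring the action-level listing above.
public class Contact { public int Id { get; set; } }

public class ContactsController : ApiController
{
    public IEnumerable<Contact> GetAllContacts() { return new List<Contact>(); }
    [Authorize]
    public IHttpActionResult GetContact(int id) { return Ok(new Contact { Id = id }); }
}

public static class Program
{
    public static void Main()
    {
        foreach (var name in AuthorizationAudit.FindUnmarkedActions(typeof(ContactsController).Assembly))
            Console.WriteLine("No [Authorize] or [AllowAnonymous]: " + name);
    }
}
```

Calling FindUnmarkedActions from a unit test and failing when the list is non-empty forces every action to carry an explicit decision, with [AllowAnonymous] marking the intentionally public ones.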