ASP.NET Web API Authorization with AuthorizeAttribute

2018-06-06 15:09:32

Using the new ASP.NET Web API beta. I can not seem to get the suggested method of authenticating users, to work. Where the suggested approach seems to be, to add the [Authorize] filter to the API controllers. For example:

[Authorize] 
public IEnumerable<Item> Get()
{
    return itemsService.GetItems();
}

This does not work as intended though. When requesting the resource, you get redirected to a login form. Which is not very suitable for a RESTful webapi.

How should I proceed with this? Will it work differently in future versions?, or should I fall back to implementing my own action filter?

Double check that you are using the System.Web.Http.AuthorizeAttribute and not the System.Web.Mvc.AuthorizeAttribute . This bit me before. I know the WebAPI team is trying to pull everything together so that it is familiar to MVC users, but I think somethings are needlessly confusing.

Set your authentication mode to None :

<authentication mode="None" />

None Specifies no authentication. Your application expects only anonymous users or the application provides its own authentication.

http://msdn.microsoft.com/en-us/library/532aee0e.aspx

Of course then you have to provide some sort of authentication via headers or tokens or something. You could also specify Windows and use the built in auth via headers.

If this site is mixed between API and actual pages that do need the Forms setting, then you will need to write your own handling.

All the attribute does is return an HttpUnauthorizedResult instance, the redirection is done outside of the attribute, so its not the problem, its your authentication provider.

Finally, I've found a solution at: ASP.NET MVC 4 WebAPI authorization

This article shows how you can fix this issue.

链接地址: http://www.djcxy.com/p/20532.html

上一篇: ASP.NET Web API中的自定义方法名称

下一篇: 带有AuthorizeAttribute的ASP.NET Web API授权