官术网_书友最值得收藏!

Using the [Authorize] attribute

AuthorizeAttribute will make sure if the user is authenticated or unauthenticated. Unauthorized error with HTTP status code 401 will be returned if the user is not authenticated and the corresponding action will not be invoked. Web API enables you to apply the filter in three ways. We can apply them at global level, or at the controller level, or at the individual action level.

Global authorization filter

To apply authorization filter for all Web API controllers, we need to add the AuthorizeAttribute filter to the global filter list in the Global.asax file as given below:

public static void Register(HttpConfiguration config)
{
    config.Filters.Add(new AuthorizeAttribute());
}

Controller level authorization filter

To apply an authorization filter for a specific controller, we need to decorate the controller with filter attribute as given in the following code:

// Require authorization for all actions on the controller.
[Authorize]
public class ContactsController : ApiController
{
    public IEnumerable<Contact> GetAllContacts() { ... }
    public IHttpActionResult GetContact(int id) { ... }
}

Action level authorization filter

To apply an authorization filter for specific actions, we need to add the attribute to the action method as given in the following code:

public class ContactsController : ApiController
{
    public IEnumerable<Contact> GetAllContacts() { ... }

    // Require authorization for a specific action.
    [Authorize]
    public IHttpActionResult GetContact(int id) { ... }
}
主站蜘蛛池模板: 南乐县| 金华市| 巍山| 绥芬河市| 莱阳市| 全椒县| 静安区| 苍溪县| 常宁市| 双鸭山市| 江川县| 普定县| 永州市| 乐安县| 临安市| 湖州市| 宁南县| 阳东县| 麻栗坡县| 文昌市| 洛南县| 子长县| 井研县| 湘阴县| 东平县| 农安县| 马尔康县| 静宁县| 绵阳市| 巴青县| 游戏| 麻栗坡县| 鲁山县| 景洪市| 开阳县| 永宁县| 龙南县| 罗定市| 乳源| 德惠市| 甘孜|