4

I need to implement ASP.NET Web API 2, i.e.:

```csharp
[RoutePrefix("orders")]
public class OrdersController : ApiController
{
    [Route("{id}")]
    public Order Get(int id) { }

    [Route("{id}/approve")]
    public Order Approve(int id) { }
}
```

I am wondering how it can be protected?

Can we use ASP.NET Identity for that, for instance?

Any clue?

NoWar

2 Answers

5

You could add the [Authorize] attribute to the class and then send the basic authentication information via the header.

Mike Perrenoud
  • Sounds good! Could you provide a sample of how to `send the basic authentication information via the header`? Also... Should it be the ASP.NET Identity database? – NoWar Jan 02 '14 at 13:13
  • 1
    @ClarkKent, here is an [example on how to build the header](http://stackoverflow.com/questions/2764577/forcing-basic-authentication-in-webrequest). And yeah, the basic ASP.NET user database. – Mike Perrenoud Jan 02 '14 at 13:15
  • 2
    There is a complete example with source code on using basic authentication with ASP.NET Identity in the SimpleSecurity project https://simplesecurity.codeplex.com/SourceControl/latest#AspNetIdentity/SimpleSecurity.AspNetIdentity.Filters/BasicAuthorizeAttribute.cs . Look at the reference application for an example. – Kevin Junghans Jan 02 '14 at 14:48
  • @KevinJunghans Thank you! Put it like an answer pls. At least I will +1 coz it has `How to add basic authentication to Web API's.` https://simplesecurity.codeplex.com/ – NoWar Jan 02 '14 at 16:38
2

You can create a custom AuthorizeAttribute using ASP.NET Identity that handles basic authentication for your Web APIs. There is a complete example with source code on using basic authentication with ASP.NET Identity in the SimpleSecurity Project. You can find the source code for the custom AuthorizeAttribute here. Look at the reference application for an example on how to use it. The source code for the client side code is here. There is a discussion on implementing basic authentication in Web APIs here. Although this article references SimpleMembership, the same principles were applied to the implementation using ASP.NET Identity.

Kevin Junghans
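As an added example (not code from the SimpleSecurity project or from either answer), one way to write the custom AuthorizeAttribute described above for Web API 2 with ASP.NET Identity. The attribute name `IdentityBasicAuthorizeAttribute`, the realm `orders` and the default Entity Framework user store are assumptions.

```csharp
using System;
using System.Security.Claims;
using System.Text;
using System.Web.Http;
using System.Web.Http.Controllers;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;

// Hypothetical attribute: put [IdentityBasicAuthorize] on OrdersController instead of [Authorize].
public class IdentityBasicAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool IsAuthorized(HttpActionContext ctx)
    {
        // Basic credentials are only base64-encoded, so never accept them over plain HTTP.
        if (ctx.Request.RequestUri.Scheme != Uri.UriSchemeHttps) return false;
        string user, password;
        var header = ctx.Request.Headers.Authorization;
        if (header == null || !"Basic".Equals(header.Scheme, StringComparison.OrdinalIgnoreCase)
            || !TryParse(header.Parameter, out user, out password))
            return false;
        // Assumption: the default Identity EF store (UserStore's parameterless constructor).
        using (var manager = new UserManager<IdentityUser>(new UserStore<IdentityUser>()))
        {
            IdentityUser found = manager.Find(user, password); // checks the stored password hash
            if (found == null) return false;
            ctx.RequestContext.Principal = new ClaimsPrincipal(manager.CreateIdentity(found, "Basic"));
        }
        return base.IsAuthorized(ctx); // applies any Users/Roles restriction to that principal
    }

    protected override void HandleUnauthorizedRequest(HttpActionContext ctx)
    {
        base.HandleUnauthorizedRequest(ctx); // builds the 401 response
        // Challenge only over HTTPS so a client is never prompted to send credentials in the clear.
        if (ctx.Request.RequestUri.Scheme == Uri.UriSchemeHttps)
            ctx.Response.Headers.Add("WWW-Authenticate", "Basic realm=\"orders\"");
    }

    private static bool TryParse(string parameter, out string user, out string password)
    {
        user = password = null;
        byte[] raw;
        try { raw = Convert.FromBase64String(parameter ?? ""); }
        catch (FormatException) { return false; }
        string[] parts = Encoding.UTF8.GetString(raw).Split(new[] { ':' }, 2); // first colon only
        if (parts.Length != 2) return false;
        user = parts[0];
        password = parts[1];
        return true;
    }
}
```

Behind a TLS-terminating proxy the request URI scheme can read `http` even for encrypted client connections, so the HTTPS check would then have to rely on whatever signal that proxy provides.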