Is it possible to use Windows authentication only for a single controller in ASP.NET Web API?

Asked Jun 04 '15 at 08:38

Active Jun 04 '15 at 08:38

Viewed 410 times

I have a REST API made with ASP.NET Web API with a controller action for which I want to restrict the access.

Basically, this action would delete the whole database behind my application, that's why I need to restrict it.

MSDN states I have to modify Web.config to turn on Windows authentication for my whole application:

<system.web>
  <authentication mode="Windows" />
</system.web>

But I would like to expose my whole API to the internet without any authentication, and only enable the Windows authentication and authorization for this specific controller action.

Is it possible? Everywhere on the internet I see only examples which would restrict the whole app.

asked Jun 04 '15 at 08:38

asdfghjkl

The `` tag can be applied once for the entire application http://stackoverflow.com/questions/318816/multiple-different-authentication-settings-in-web-config – Tasos K. Jun 04 '15 at 08:42
I found some information on the internet: "You can set per-route message handlers, which lets you apply an authentication scheme to a specific route." - Maybe this is what I need... – asdfghjkl Jun 04 '15 at 09:04

Is it possible to use Windows authentication only for a single controller in ASP.NET Web API?

0 Answers0