amcdnl amcdnl - 4 years ago 150
C# Question

.NET Web API 2 Authorize Attribute

My application is setup where all requests except login must be 'authorized' using the authorization attribute in Web API. E.g.

[HttpGet, Route("api/account/profile")]
public ApplicationUser Profile()
return userModel;

and only the login needs to not authorize since thats where you get the token ;)

[HttpPost, Route("api/account/login")]
public async Task<IHttpActionResult> Login(LoginViewModel model)

instead of having to add the
attribute to ALL my routes, is there a way to set it globally?

Answer Source

You have two options

  1. Controller level by decorating your controller with authorize attribute.

    public class AccountController : ApiController
  2. You can also set it global level to all routes, in Register method of WebApiConfig.cs file

     config.Filters.Add(new AuthorizeAttribute());
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download