C# Question
.NET Web API 2 Authorize Attribute
My application is setup where all requests except login must be 'authorized' using the authorization attribute in Web API. E.g.
[Authorize]
[HttpGet, Route("api/account/profile")]
public ApplicationUser Profile()
{
return userModel;
}
and only the login needs to not authorize since thats where you get the token ;)
[AllowAnonymous]
[HttpPost, Route("api/account/login")]
public async Task<IHttpActionResult> Login(LoginViewModel model)
{
....
}
instead of having to add the
[Authorize]
Recommended for you: Get network issues from WhatsUp Gold. Not end users.
Answer Source
You have two options
Controller level by decorating your controller with authorize attribute.
[Authorize] [RoutePrefix("api/account")] public class AccountController : ApiController {You can also set it global level to all routes, in
Registermethod of WebApiConfig.cs fileconfig.Filters.Add(new AuthorizeAttribute());
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download