i951116 i951116 - 3 months ago 22
C# Question

How can I protect my asp.net web api? I can not understand the template well

I am new to ASP.NET MVC. Now all I know is how to add the authorize attribute to my controller or action.

How can I check if I have the access, and if not, how do I sign up and log in?

Answer

I think what you are doing is straight forward enough. Any API over HTTP needs a simple authentication mechanism. This typically involves an authentication cookie you set when the user logs on.

The trick is to read this authentication cookie from the HTTP response. Then, make sure it gets included in every request after this. The Authorize attribute takes care of the rest.

To clarify, authentication is about who. Once you authenticate a user, you still need to figure out what level of access is needed through authorization.