Web API 2 OWIN Bearer Token purpose of cookie?

In the SPA template there are actually two separate authentication mechanisms enabled: cookie authentication and token authentication. This enables authentication of both MVC and Web API controller actions, but requires some additional setup. If you look in the WebApiConfig.Register method you’ll see this line of code: config.SuppressDefaultHostAuthentication(); That tells Web API to ignore cookie authentication, … Read more

Returning IHttpActionResult vs IEnumerable vs IQueryable

You should return IHttpActionResult because you can be more specific to the client. You can create more user friendly web applications. Basically you can return different HTML status messages for different situations. For example: public async Task<IHttpActionResult> GetMyItems() { if(!authorized) return Unauthorized(); if(myItems.Count == 0) return NotFound(); //… code …, var myItems = await … … Read more

404 Not Found or Bad Request?

404 is your best response. According to the HTTP RFC, http://www.ietf.org/rfc/rfc2616.txt, A 400 Bad Request means: The request could not be understood by the server due to malformed syntax. Whereas, 404 states: The server has not found anything matching the Request-URI. The entire URI is your resource identifier, and you’re not finding a matching resource … Read more

How do you consume extra parameters in OAuth2 Token request within .net WebApi2 application

As it often is the case, I found the answer immediately after submitting the question… ApplicationOAuthProvider.cs contains the following code out-of-the-box: public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { using (UserManager<IdentityUser> userManager = _userManagerFactory()) { IdentityUser user = await userManager.FindAsync(context.UserName, context.Password); if (user == null) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } … Read more

RoutePrefix vs Route

Route prefixes are associated with routes by design in attribute routing. It is used to set a common prefix for an entire controller. If you read the release notes that introduced the feature you may get a better understanding of the subject. ASP.NET Web API 2 Attribute routing ASP.NET Web API now supports attribute routing, … Read more

Global exception handling in OWIN middleware

Ok, so this was easier than anticipated, thanks to @Khalid for the heads up. I have ended up creating an OWIN middleware named OwinExceptionHandlerMiddleware which is dedicated to handling any exception happening in any OWIN middleware (logging it and manipulating the response before returning it to the client). You need to register this middleware as … Read more

WebApi 2 POST with single string parameter not working

C#: public class ValuesController : ApiController { // POST api/values [HttpPost] // added attribute public IHttpActionResult Post([FromBody] string filterName) // added FromBody as this is how you are sending the data { return new JsonResult<string>(filterName, new JsonSerializerSettings(), Encoding.UTF8, this); } JavaScript: $.ajax( { url: "/api/Values/", // be consistent and case the route the same as … Read more