Menu
I have created a WebApi 2.2 project (from an Empty New ASP.NET Project) to prove some implementation concepts and I now want to add Authentication to it.
I notice that the only way to add Authentication on a new WebApi app is to use one of the (VS 2013, in my case) Templates.
Is there a sure-fire way of adding Authentication to an already existing WebApi 2.2 app?
I will only want to use bearer tokens, if that makes a difference to any answers I may receive.
967
In IIS Manager, go to Features View, select Authentication, and enable Basic authentication. In your Web API project, add the [Authorize] attribute for any controller actions that need authentication. A client authenticates itself by setting the Authorization header in the request.
Users of the REST API can authenticate by providing a user ID and password to the REST API login resource with the HTTP POST method. An LTPA token is generated that enables the user to authenticate future requests. This LTPA token has the prefix LtpaToken2 .
The ASP.NET Web API Framework provides a built-in authorization filter attribute i.e. AuthorizeAttribute and you can use this built-in filter attribute to checks whether the user is authenticated or not. If not, then it simply returns the HTTP status code 401 Unauthorized, without invoking the controller action method.
Yes you can add the bearer authentication from scratch, I'm not big fan of the VS 2013 templates because they mix between cookies and tokens authentication. You can check my detailed blog post on how to add bearer tokens only to new or existing Web API project. Let me know if you need further help.
105
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
