
How can I disable some APIs of my ASP.NET application

Tags: c#, asp.net, api

Let's say that I have an ASP.NET application that has some APIs.

For example,

{HostName}/api/a/*      
{HostName}/api/b/*

Now I want to disable all {HostName}/api/a/* APIs (but keep /api/b/*). When a client calls /api/a/* APIs, they get a 404 error. When a client calls /api/b/* APIs, the application responds normally.

Is there any way to do this in a C# ASP.NET application?

Mabraygas asked Aug 17 '16 08:08




2 Answers

There are several approaches you can take to disable certain actions or routes, as mentioned in the comments.

1.) [NonAction] attribute

The [NonAction] attribute from System.Web.Http can be applied to ApiController actions. If such a method is called, the server returns the HTTP Code 404 (Method not found). The attribute can only be applied at method level and not on classes, so every single method has to be decorated with this attribute.

2.) Writing a custom action filter

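This approach gives you more control. Your filter can be applied at class level, and you can implement more advanced logic for the conditions under which your controller is accessible (depending on dates, licences, feature toggles and so forth).

using System.Net;
using System.Net.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

public class MyNoActionFilterAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        if (IfDisabledLogic(actionContext))
        {
            // Setting Response short-circuits the pipeline, so the action never runs
            actionContext.Response = new HttpResponseMessage(HttpStatusCode.NotFound);
        }
        else
            base.OnActionExecuting(actionContext);
    }

    // Placeholder: decide here whether the controller is currently disabled
    private static bool IfDisabledLogic(HttpActionContext actionContext) => true;
}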

[MyNoActionFilter]
public class ValuesController : ApiController
{
    // web api controller logic...
}

3.) Route Configuration in WebApiConfig.cs

You can add a Web API route for the inaccessible controllers in the WebApiConfig and map this route to a nonexistent controller. Then the framework takes this route, does not find the controller and sends a 404 return code to the client. It is important to place these routes at the beginning in order to avoid undesired execution.

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Web API configuration and services
        
        config.Routes.MapHttpRoute(
            name: "DisabledApi",
            routeTemplate: "api/b/{id}",
            defaults: new { controller = "DoesNotExist", id = RouteParameter.Optional }
        );

        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional }
        );
    }
}

Because you stated that you do not want to use attributes because of the amount of work, I recommend the third option, because the route configuration defines a single place for this. And if you want to enable the route again in the future, you only have to remove one route definition.

Ralf Bönning answered Sep 25 '22 05:09
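
An added example (not part of either answer, and not the answerer's code) of what the IfDisabledLogic placeholder in option 2 could look like when driven by a feature toggle: a filter that returns 404 for every controller listed in an appSettings entry. The class name DisabledControllersFilter and the key "DisabledControllers" are assumptions made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

// Added example. The appSettings key "DisabledControllers" is hypothetical, e.g.
//   <add key="DisabledControllers" value="a" />
public class DisabledControllersFilter : ActionFilterAttribute
{
    private readonly HashSet<string> _disabled;

    public DisabledControllersFilter(IEnumerable<string> controllerNames)
    {
        // ControllerName is derived from the type name (AController -> "A"),
        // so compare case-insensitively against the configured names.
        _disabled = new HashSet<string>(controllerNames, StringComparer.OrdinalIgnoreCase);
    }

    // Builds the filter from a comma-separated list; a missing key disables nothing.
    public static DisabledControllersFilter FromAppSettings()
    {
        var raw = ConfigurationManager.AppSettings["DisabledControllers"] ?? string.Empty;
        var names = raw.Split(',').Select(n => n.Trim()).Where(n => n.Length > 0);
        return new DisabledControllersFilter(names);
    }

    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        // Use the controller that routing resolved instead of re-parsing the URL,
        // so every route that reaches a disabled controller is covered.
        var name = actionContext.ControllerContext.ControllerDescriptor.ControllerName;
        if (_disabled.Contains(name))
        {
            // Setting Response short-circuits the pipeline; the action never runs.
            actionContext.Response = new HttpResponseMessage(HttpStatusCode.NotFound);
            return;
        }
        base.OnActionExecuting(actionContext);
    }
}
```

Register it once in WebApiConfig.Register with config.Filters.Add(DisabledControllersFilter.FromAppSettings()), which avoids decorating each controller. Action filters run after authorization filters, so on a controller that requires authentication an anonymous caller receives the authorization response rather than the 404.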


Might be a hack, but works fine for me:

Changing scope of the Controller from public to internal hides all actions from that Controller class. So:

internal class AController : ApiController
{
  [...]
}

Requests to http://host/api/a/* then will fail with "No type was found that matches the controller named 'a'."

Markus answered Sep 24 '22 05:09