I was wandering if there is a way to enable Windows authentication only for the particular action of the particular ASP.Net Web API controller. My Web API web service has a couple of controllers with numerous actions, but only one action of one controller needs Windows authentication. This web services is implemented using Web API 2.1, and is hosted in IIS (v7.5 and above). Even though, it’s an intranet web service I don’t want to enable windows authentication on controllers and actions that don’t need it. Please let me know if there is a way to enable Windows authentication for a specific controller and action.
My web service code is similar to the code below. Only endpoint api/controller1/action1 implemented by Controller1.Action1 requires windows authentication. The rest of actions don't need Windows authentication:
[RoutePrefix("api/controller1")]
public class Controller1: ApiController
{
[Route("action1")]
public HttpResponseMessage Action1()
{
return Request.CreateResponse<object>(HttpStatusCode.OK, null);
}
[Route("action2")]
public HttpResponseMessage Action2()
{
return Request.CreateResponse<object>(HttpStatusCode.OK, null);
}
}
[RoutePrefix("api/controller2")]
public class Controller2 : ApiController
{
[Route("action1")]
public HttpResponseMessage Action1()
{
return Request.CreateResponse<object>(HttpStatusCode.OK, null);
}
[Route("action2")]
public HttpResponseMessage Action2()
{
return Request.CreateResponse<object>(HttpStatusCode.OK, null);
}
}
Thank you, Rita
is this what your want? adding this to your config file.
<location path="api/controller1">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With