Menu
I am writing Web API ( v2.2 ) for accessing another REST API. Reason is that I want restrict some functional and provide more friendly data. In short I am writing wrapper for some REST API.
I am providing authentication/authorization via my Implementation of AuthorizationFilterAttribute. Here is snippet of code:
public override void OnAuthorization(HttpActionContext actionContext)
{
var authorizeHeader = actionContext.Request.Headers.Authorization;
if (authorizeHeader != null
&& authorizeHeader.Scheme.Equals("basic", StringComparison.OrdinalIgnoreCase)
&& String.IsNullOrEmpty(authorizeHeader.Parameter) == false)
{
// Code to test is username/password correct for second API
// Trying to get some recourse with provided credentials
// ...
}
}
Now I want to understand, if I set my attribute to controller's action, like this:
[HttpGet]
[Route("{taskId}/{dispatchId}")]
[SecureResourceAttribute] // This is my attribute
public IHttpActionResult GetDispatch(string taskId, string dispatchId)
Every time when I request this action, OnAuthorization method will execute ? Does it anywhere store that client is already authorized ?
If No, how can I get it to store that client is already authorized ?
Thank you, for your time.
805
Q: Is OnAuthorization going to be called on every call?
A: If controller is decorated with [Authorize] attribute, Yes.
Q: Does it anywhere store that client is already authorized?
A: No. The service is Stateless by default.
Q: If No, how can I get it to store that client is already authorized?
A: This again goes back to the fact that WEB API Service is stateless and there is no relationship between different requests that comes in.
127
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
