 

System.Web.Http.Authorize versus System.Web.Mvc.Authorize

Which Authorize attribute?
System.Web.Http.Authorize
System.Web.Mvc.Authorize

    using System.Web.Mvc;      // or: using System.Web.Http;

A typical controller

    [Authorize]
    public class SomeController : Controller

We have controllers annotated with [Authorize]. I just noticed that, due to the using namespaces, the annotations technically refer to different attribute classes.

The project contains MVC controllers and WEBAPI controllers.

Which one should I use, and why? What issues might we have if I don't fix this?

asked Oct 03 '13 06:10 by phil soady


1 Answer

You must use System.Web.Http.Authorize against an ApiController (Web API controller) and System.Web.Mvc.Authorize against a Controller (MVC controller). Since the framework runs the filters as part of the pipeline processing and the controllers expect the right filter to be applied, if you don't use the corresponding filter, authorization will not work.

answered Sep 21 '22 00:09 by Badri
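One way to catch the mismatch described in the answer is a reflection check over the web project's assembly. This is an added example, not code from the original question or answer; the names `AuthorizeAttributeAudit` and `FindMismatches` are hypothetical, and it assumes both `System.Web.Mvc` and `System.Web.Http` are referenced.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using MvcAuthorize = System.Web.Mvc.AuthorizeAttribute;
using ApiAuthorize = System.Web.Http.AuthorizeAttribute;

// Hypothetical helper (not part of ASP.NET): reports controllers and actions
// that carry the AuthorizeAttribute belonging to the other framework.
public static class AuthorizeAttributeAudit
{
    public static IList<string> FindMismatches(Assembly assembly)
    {
        var findings = new List<string>();

        foreach (var type in assembly.GetTypes().Where(t => t.IsClass && !t.IsAbstract))
        {
            bool isApi = typeof(System.Web.Http.ApiController).IsAssignableFrom(type);
            bool isMvc = typeof(System.Web.Mvc.Controller).IsAssignableFrom(type);
            if (!isApi && !isMvc)
                continue; // not a controller

            // The attribute type that is wrong for this kind of controller:
            // MVC's attribute on an ApiController, or Web API's on a Controller.
            Type wrong = isApi ? typeof(MvcAuthorize) : typeof(ApiAuthorize);

            // Class-level attribute, including one inherited from a base controller.
            if (type.IsDefined(wrong, inherit: true))
                findings.Add(type.FullName + ": class has " + wrong.FullName);

            // Action-level attributes on public instance methods.
            var actions = type.GetMethods(BindingFlags.Public | BindingFlags.Instance);
            foreach (var method in actions.Where(a => a.IsDefined(wrong, inherit: true)))
                findings.Add(type.FullName + "." + method.Name + ": action has " + wrong.FullName);
        }

        return findings;
    }
}
```

Calling `AuthorizeAttributeAudit.FindMismatches(typeof(SomeController).Assembly)` from a unit test and failing the build when the list is non-empty keeps a stray `using` from silently changing which attribute a controller gets.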