ASP.NET Web API Authorization using Tokens
2013-07-24 09:24
405 查看
Planning real world REST API
http://blog.developers.ba/post/2012/03/03/ASPNET-Web-API-Authorization-using-Tokens.aspxWhen you try to plan how to build real world REST API like other major players like Facebook or Foursquare have you will soon realize that all major players use OAuth 2.0 .
ASP.NET Web API comes with support for authorize attribute and that’s nice, but for real world API I want to support token based approach.
OAuth 2.0 Server
For supporting token based approach you must have some kind of server that will issue tokens. Building token server can be complex and most major players have implemented OAuth 2.0 server based on draft 10 OAuth documentation.We hope that Microsoft will provide us with their own OAuth 2.0 server for free in final version of ASP.NET MVC 4.
Meanwhile I will just assume that you already have your own OAuth 2.0 server.
Building ActionFilterAttribute
I have solved my problem with authorization by implementing RequireAuthorize ActionFilterAttribute. This attribute also have scope property. Scope property is used for limiting access to your REST API.You just need to decorate controllers or actions in controllers with this attribute and optionally set required scope for accessing these actions.
Here is RequireAuthorizeAtribute:
?
?
相关文章推荐
- Creating a REST service using ASP.NET Web API
- Using ASP.Net WebAPI with Web Forms
- How do I get ASP.NET Web API to return JSON instead of XML using Chrome
- File Upload using jQuery AJAX in ASP.NET Web API or Http handler (AJAX上传文件通过Web API或 http handler)
- [转]Web API Introduction to OData Services using ASP.NET Web API
- Using SSL in ASP.NET Web API
- Using MongoDB with Web API and ASP.NET Core
- basic-http-authentication-in-asp-net-web-api-using-message-handlers asp.net mvc4 web api authentication
- Authentication and Authorization in ASP.NET Web API
- Using ASP.NET Web API with ASP.NET Web Forms
- ASP.NET WebAPI Bearer Authorization
- A Book Store Application Using AngularJS and Asp.Net Web Api
- Handling HTTP 404 Error in ASP.NET Web API
- Manual JSON serialization from DataReader in ASP.NET Web API
- 打造属于自己的支持版本迭代的Asp.Net Web Api Route
- ASP.NET WebApi MediaTypeFormatter参数绑定的研究,支持POST文本方式的JSON字符串绑定
- ASP.NET Core MVC/WebAPi 模型绑定
- ASP.NET WebApi服务接口如何防止重复请求实现HTTP幂等性(八)
- Asp.net WebApi + EF 单元测试架构 DbContext一站到底
- 一篇关于AJAX的好文:AJAX-Style Web Development Using ASP.NET