MVC Web API Authorization and Authentication

MVC Web API Authorization and Authentication

Hello everyone, I am going to share the code-sample to Authentication and Authorization the MVC.Net Web API 2.

·         If Web API 2 Missing header then return 404 Bad request with Authorization Token - Missing messages.
·         If Web API 2 call is unauthorized then return 401 Unauthorized  with unauthorized user.
·         If Web API 2 call is invalid then return authorization Token - Invalid messages.
·         If Web API 2 request is valid then ok.

There are fallowing steps to achieve the MVC API Authorization as given below.

Step1 : Call APIs using AJAX request.

this.getAddress = function (Ids) {
      return $http({
                        method: 'GET',
                        url: " http://localhost:9669/api/userProfile/GetAddress?id=" + Ids,
                        headers: {Authorization : 'anil.singh@code-sample.com'}
             // Write header as per you.
            });
};

Step 2: Let's start step 2 as given below.

Create a class " APIAuthorizationHandler .cs" for Authorization and Authentication to APIs and APIAuthorizationHandler is inherited to the DelegatingHandler .

Write Authentication logic in API Authorization Handler class which are given below.

namespace Employee.Models
{
    public class APIAuthorizationHandler : DelegatingHandler
    {
        // Added http response custom messages.
        private const string TokenInvalid = "Authorization Token - Invalid";
        private const string TokenMissing = "Authorization Token - Missing";

        protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            IEnumerable<string> ApplicationHeaderApiValues = null;

            // Checking the Header values
            if (request.Headers.TryGetValues("Authorization ", out ApplicationHeaderApiValues))
            {
                string[] apiKeyHeaderValue = ApplicationHeaderApiValues.First().Split(':');

                // Checking  length
                if (apiKeyHeaderValue.Length > 0)
                {
                    // Code logic after authenticate the application.
                    var appAutho = apiKeyHeaderValue[0];

                    if (appAutho.Equals(HttpContext.Current.User.Identity.Name))
                    {
                        var userNameClaim = new Claim(ClaimTypes.Name, appAutho);
                        var identity = new ClaimsIdentity(new[] { userNameClaim }, "ApplicationHeader");
                        var principal = new ClaimsPrincipal(identity);
                        Thread.CurrentPrincipal = principal;

                        if (HttpContext.Current != null)
                        {
                            HttpContext.Current.User = principal;
                        }
                    }
                    else
                    {
                        return requestCancel(request, cancellationToken, TokenInvalid);
                    }
                }
                else
                {
                    return requestCancel(request, cancellationToken, TokenMissing);
                }
            }
            else
            {
                return requestCancel(request, cancellationToken, TokenMissing);
            }

            return base.SendAsync(request, cancellationToken);
        }

        // Web request cancel call due to missing APIID, APIID is NULL, missing all parameters etc.
        private Task<HttpResponseMessage> requestCancel(HttpRequestMessage requestMsg, CancellationToken cancellationToken, string msg)
        {
            CancellationTokenSource tokenSource = new CancellationTokenSource();
            HttpResponseMessage responseMsg = new HttpResponseMessage();

            cancellationToken = tokenSource.Token;
            tokenSource.Cancel();

            responseMsg = requestMsg.CreateResponse(HttpStatusCode.BadRequest);
            responseMsg.Content = new StringContent(msg);

            return base.SendAsync(requestMsg, cancellationToken).ContinueWith(task =>
            {
                return responseMsg;
            });
        }
    }
}

Step : 3  Configuration to Message Handlers in Global.asax.cs class. i.e.

public class MvcApplication : System.Web.HttpApplication
{
        protected void Application_Start()
        {
            AreaRegistration.RegisterAllAreas();
            GlobalConfiguration.Configure(WebApiConfig.Register);
            FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
            RouteConfig.RegisterRoutes(RouteTable.Routes);
            BundleConfig.RegisterBundles(BundleTable.Bundles);

            //Configuration to MessageHandlers for API Authorization handler.
            GlobalConfiguration.Configuration.MessageHandlers.Add(new APIAuthorizationHandler());
        }
}

The output : Please see given below the images





ANIL SINGH

Hey! I'm Anil Singh. I author this blog. I'm Active Blogger, Programmer. I love learning new technologies, programming, blogging and participating the forum discussions more...
My Blogs - http://www.code-sample.com and http://www.code-sample.xyz
My Books - Buy Books Online at Best Prices

You Might Also Like
Post a Comment
www.code-sample.com/. Powered by Blogger.