Hello everyone, I am going to share the code-sample
to Authentication and Authorization the MVC.Net Web API 2.
·
If Web API 2 Missing header then
return 404 Bad request with Authorization Token - Missing messages.
·
If Web API 2 call is unauthorized then
return 401 Unauthorized with unauthorized
user.
·
If Web API 2 call is invalid then
return authorization Token - Invalid messages.
·
If Web API 2 request is valid then ok.
There are fallowing steps to achieve the MVC API Authorization as given below.
Step1
: Call APIs using AJAX request.
this.getAddress = function (Ids) {
return $http({
method: 'GET',
url: " http://localhost:9669/api/userProfile/GetAddress?id=" + Ids,
// Write header as per you.
});
};
Step
2: Let's start step 2 as given below.
Create a class " APIAuthorizationHandler .cs"
for Authorization and Authentication to APIs and APIAuthorizationHandler is inherited
to the DelegatingHandler .
Write Authentication logic in API Authorization
Handler class which are given below.
namespace Employee.Models
{
public class APIAuthorizationHandler : DelegatingHandler
{
// Added http response custom
messages.
private const string TokenInvalid = "Authorization
Token - Invalid";
private const string TokenMissing = "Authorization
Token - Missing";
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
IEnumerable<string>
ApplicationHeaderApiValues = null;
// Checking the Header values
if
(request.Headers.TryGetValues("Authorization ", out
ApplicationHeaderApiValues))
{
string[] apiKeyHeaderValue
= ApplicationHeaderApiValues.First().Split(':');
// Checking length
if
(apiKeyHeaderValue.Length > 0)
{
// Code logic after
authenticate the application.
var appAutho =
apiKeyHeaderValue[0];
if (appAutho.Equals(HttpContext.Current.User.Identity.Name))
{
var userNameClaim = new Claim(ClaimTypes.Name, appAutho);
var identity = new ClaimsIdentity(new[] { userNameClaim
}, "ApplicationHeader");
var principal = new ClaimsPrincipal(identity);
Thread.CurrentPrincipal =
principal;
if (HttpContext.Current != null)
{
HttpContext.Current.User =
principal;
}
}
else
{
return
requestCancel(request, cancellationToken, TokenInvalid);
}
}
else
{
return
requestCancel(request, cancellationToken, TokenMissing);
}
}
else
{
return
requestCancel(request, cancellationToken, TokenMissing);
}
return base.SendAsync(request,
cancellationToken);
}
// Web request cancel call
due to missing APIID, APIID is NULL, missing all parameters etc.
private Task<HttpResponseMessage> requestCancel(HttpRequestMessage requestMsg, CancellationToken cancellationToken, string msg)
{
CancellationTokenSource tokenSource = new CancellationTokenSource();
HttpResponseMessage responseMsg = new HttpResponseMessage();
cancellationToken =
tokenSource.Token;
tokenSource.Cancel();
responseMsg =
requestMsg.CreateResponse(HttpStatusCode.BadRequest);
responseMsg.Content = new StringContent(msg);
return base.SendAsync(requestMsg,
cancellationToken).ContinueWith(task =>
{
return responseMsg;
});
}
}
}
Step : 3 Configuration to Message Handlers in
Global.asax.cs class. i.e.
public class MvcApplication : System.Web.HttpApplication
{
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
GlobalConfiguration.Configure(WebApiConfig.Register);
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
//Configuration to
MessageHandlers for API Authorization handler.
GlobalConfiguration.Configuration.MessageHandlers.Add(new APIAuthorizationHandler());
}
}
The
output : Please see given below the images
|
Anil Singh is an author, tech blogger, and software programmer. Book writing, tech blogging is something do extra and Anil love doing it. For more detail, kindly refer to this link..
|
