3

I have used the [Authorize] attribute on an ASP.NET Web API method:

[Authorize]
public IEnumerable<User> GetAllUsers()

From the application I can access this method without a problem, as my user is already authenticated. However, is there any way that I can specify the username and password to this method when calling it, so that I can implement a REST API? This is when calling from a standalone application or the browser.

1 Answer

2

I didn't entirely understand your question, but System.Web.Http.AuthorizeAttribute checks against Thread.CurrentPrincipal to see if the user is authorized or not.

You can specifically give user permissions if you want as below:

[Authorize(Users = "User1")]
public IEnumerable<User> GetAllUsers()

But the authentication process is entirely up to you. I would recommend authenticating the user through a message handler and then populating the Thread.CurrentPrincipal there. Then, use the AuthorizeAttribute as you see fit for your application.


1 Comment

I actually implemented a custom authorization based on the method header, so any 3rd party user can also be authenticated.
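
The approach the answer describes (authenticate in a message handler, populate Thread.CurrentPrincipal, then let [Authorize] decide), shown as an added example that is not part of the original answer or comment. It uses HTTP Basic credentials from the Authorization header; the class name BasicAuthHandler, the injected validate delegate and the realm "api" are hypothetical, and it assumes the API is served only over HTTPS because Basic credentials are merely base64-encoded.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Web;
// Hypothetical handler; register it with config.MessageHandlers.Add(new BasicAuthHandler(...)).
public class BasicAuthHandler : DelegatingHandler
{
    private readonly Func<string, string, bool> _validate; // hypothetical credential check (e.g. user store lookup)
    public BasicAuthHandler(Func<string, string, bool> validate) { _validate = validate; }
    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        AuthenticationHeaderValue auth = request.Headers.Authorization;
        if (auth != null && auth.Scheme.Equals("Basic", StringComparison.OrdinalIgnoreCase)
            && !string.IsNullOrEmpty(auth.Parameter))
        {
            string user, pass;
            if (TryDecode(auth.Parameter, out user, out pass) && _validate(user, pass))
            {
                // This is the principal that [Authorize] and [Authorize(Users = "...")] inspect.
                var principal = new GenericPrincipal(new GenericIdentity(user, "Basic"), new string[0]);
                Thread.CurrentPrincipal = principal;
                if (HttpContext.Current != null) HttpContext.Current.User = principal; // IIS hosting
            }
        }
        // Missing or bad credentials: the principal stays unauthenticated and [Authorize] answers 401.
        HttpResponseMessage response = await base.SendAsync(request, cancellationToken);
        if (response.StatusCode == HttpStatusCode.Unauthorized)
            response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Basic", "realm=\"api\""));
        return response;
    }
    // Decodes "base64(user:password)"; returns false on malformed input instead of throwing.
    private static bool TryDecode(string b64, out string user, out string pass)
    {
        user = pass = null;
        try
        {
            string s = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
            int i = s.IndexOf(':');
            if (i <= 0) return false;
            user = s.Substring(0, i); pass = s.Substring(i + 1);
            return true;
        }
        catch (FormatException) { return false; }
    }
}
```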
