1

I am trying to create a web api with forms based authentication. I want to login from a client and retrieve data from there. When I log in, user gets authenticated and can retrieve data by giving http request direct into adressbar like localhost:1393/api/Game. But when i try to get it from client I am getting a 401 (Unauthorized error). I have enabled CORS in server side. This is the controller to handle data

using System;
using System.Collections.Generic;
using System.Data;
using System.Data.Entity.Infrastructure;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web;
using System.Web.Http;

using System.Web.Security;
using Cheeky_backend.Models;
using System.Web.Http.WebHost;


namespace Cheeky_backend.Controllers
{
    public class Demo
    {
        public List<Teams> team { get; set; }
        public List<Hole> hole { get; set; }
    }

    [Authorize]
    public class GameController : ApiController
    {

        private Cheeky_backendContext db = new Cheeky_backendContext();



        // GET api/Game
        public IEnumerable<Hole> GetHoles()
        {
            return db.Holes.AsEnumerable();
        }


    }

}

This is the authenticating controler 

using System;
using System.Collections.Generic;
using System.Data;
using System.Data.Entity.Infrastructure;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web;
using System.Web.Security;
using System.Web.Http;
using Cheeky_backend.Models;

namespace Cheeky_backend.Controllers
{
    public class UserController : ApiController
    {
        private Cheeky_backendContext db = new Cheeky_backendContext();

        // GET api/Default1


        // GET api/Default1/5


        // PUT api/Default1/5

        // POST api/Default1

        public HttpResponseMessage CreateUser(User user)
        {
            if (ModelState.IsValid)
            {
                db.Users.Add(user);
                db.SaveChanges();

                HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.Created, user);
           // response.Headers.Location = new Uri(Url.Link("DefaultApi", new { id = user.ID }));
                return response;
            }
            else
            {
                return Request.CreateResponse(HttpStatusCode.BadRequest);
            }
        }

        // DELETE api/Default1/5

        public HttpResponseMessage Login(User user)
        {
            var userfound = from user2 in db.Users
                            where user.username == user2.username && user.password == user2.password
                        select user2;

           if( userfound.Any())   
           {   
               FormsAuthentication.SetAuthCookie(user.username, true);
               return Request.CreateResponse(HttpStatusCode.OK,user);
           }
          return Request.CreateResponse(HttpStatusCode.Unauthorized);
       }


    }
}
Improve this question

1 Answer 1

Reset to default
0

Source

In your Authentication Handler

  • Don't set the Principal on the Thread.CurrentPrinicipal any more.
  • Use the Principal on the HttpRequestContext.

Take a look at here

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.