Base solution for your next web application
Open Closed

Secure Web API Controllers #151


User avatar
0
Hasan created

Dear Team I am just starting this wonderful module for one of my project

How to give authorization generated to API Controllers ?

For example,

before the user calls, he has to login and get the session id before he proceeds to call other methods

Would like to achieve something like this ?

<a class="postlink" href="http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api">http://www.asp.net/web-api/overview/sec ... in-web-api</a>


3 Answer(s)
  • User Avatar
    0
    hikalkan created
    Support Team

    Hi Hasan,

    Thank you for interested in this project.

    ABP has AbpAuthorize attribute for authorization that is described in this document: <a class="postlink" href="http://www.aspnetboilerplate.com/Pages/Documents/Authorization">http://www.aspnetboilerplate.com/Pages/ ... horization</a>.

    ABP defines authorization as abstract. module-zero (<a class="postlink" href="https://github.com/aspnetboilerplate/module-zero">https://github.com/aspnetboilerplate/module-zero</a>) implements it using ASP.NET Identity Framework. There is a sample project in repository. It show usage of login form and authorization. You can check it and documentation to accomplish what you want. I'm continueing to documentation for module-zero.

    Beside that, you can also check ASP.NET Zero project (which is UI layer for ABP & module-zero): <a class="postlink" href="http://www.aspnetzero.com/">http://www.aspnetzero.com/</a> But it's commerical, not open source. If you will create a commerical application, this project can help you.

  • User Avatar
    0
    Hasan created

    Dear Hikalkan

    Thanks for your reply.

    For my case, I will have to create a API Controller by myself and use the APIauthorize attribute

    Please clarify

  • User Avatar
    0
    hikalkan created
    Support Team

    Yes, you can create Web API controllers and add ASP.NET's standard security mechanism if you don't want to use ABP's authorization system.

    Thanks.