Open Closed

[AbpApiAuthorize] or [AbpAuthorize] in WebAPI #182


0
daws created

Hey :)

Based on the doc http://www.aspnetboilerplate.com/Pages/ ... horization "AbpAuthorize (AbpMvcAuthorize for MVC Controllers and AbpApiAuthorize for Web API Controllers)"

I would like to restrict my methods from WebAPI Controllers (ApplicationService) to logged users only.

I tried with [AbpApiAuthorize ] but it goes in the method even if not logged. With [AbpAuthorize] the restriction works fine (error user not logged in) and redirect me to the login page (that's normal).

Do I do something wrong with [AbpApiAuthorize] ? i searched on the github repository but there is no code where it's used. (I want to use "AbpApiAuthorize" to get the unAuthorizedRequest>true; & no redirection)

//[AbpApiAuthorize]
[AbpAuthorize]
public List<RiderDto> GetRiders(TimeIntervalDto interval)
{

Thks for your help :)


3 Answer(s)
  • 0
    hikalkan created

    Hi,

    If it's application service method, then use AbpAuthorize. But if it's a regular web api controller, the true attribute should be AbpApiAuthorize. If it does not works, please create an issue here: https://github.com/aspnetboilerplate/as ... issues/new

    Thanks :)

  • 0
    daws created

    Indeed, AbpAuthorize works fine :)

    I just misunderstood the doc ^^

    Maybe adjust it's a good idea to clarify the doc :

    • AbpAuthorize for Application Service
    • AbpMvcAuthorize for MVC Controllers
    • AbpApiAuthorize for_regular (classic?)_Web API Controllers

    Thks for your previous explaination:)

  • 0
    hikalkan created

    Hi @daws,

    Maybe adjust it's a good idea to clarify the doc :

    • AbpAuthorize for Application Service
    • AbpMvcAuthorize for MVC Controllers
    • AbpApiAuthorize for regular (classic?) Web API Controllers

    This is not exactly true :)

    AbpAuthorize can be usable for every class, not only app services (even for controllers). But AbpMvcAuthorize and AbpApiAuthorize are specialized to MVC and WebAPI.

    I will think how to clarify it in docs.