Open Closed

[AbpApiAuthorize] or [AbpAuthorize] in WebAPI #182


0
daws created

Hey :)

Based on the doc <a class="postlink" href="http://www.aspnetboilerplate.com/Pages/Documents/Authorization">http://www.aspnetboilerplate.com/Pages/ ... horization</a> "AbpAuthorize (AbpMvcAuthorize for MVC Controllers and AbpApiAuthorize for Web API Controllers)"

I would like to restrict my methods from WebAPI Controllers (ApplicationService) to logged users only.

I tried with [AbpApiAuthorize ] but it goes in the method even if not logged. With [AbpAuthorize] the restriction works fine (error user not logged in) and redirect me to the login page (that's normal).

Do I do something wrong with [AbpApiAuthorize] ? i searched on the github repository but there is no code where it's used. (I want to use "AbpApiAuthorize" to get the unAuthorizedRequest>true</unAuthorizedRequest>; & no redirection)

//[AbpApiAuthorize]
[AbpAuthorize]
public List<RiderDto> GetRiders(TimeIntervalDto interval)
{

Thks for your help :)


3 Answer(s)
  • 0
    hikalkan created
    Support Team

    Hi,

    If it's application service method, then use AbpAuthorize. But if it's a regular web api controller, the true attribute should be AbpApiAuthorize. If it does not works, please create an issue here: <a class="postlink" href="https://github.com/aspnetboilerplate/aspnetboilerplate/issues/new">https://github.com/aspnetboilerplate/as ... issues/new</a>

    Thanks :)

  • 0
    daws created

    Indeed, AbpAuthorize works fine :)

    I just misunderstood the doc ^^

    Maybe adjust it's a good idea to clarify the doc :

    • AbpAuthorize <ins>for Application Service</ins>
    • AbpMvcAuthorize for MVC Controllers
    • AbpApiAuthorize for_<ins>regular (classic?)</ins>_Web API Controllers

    Thks for your previous explaination:)

  • 0
    hikalkan created
    Support Team

    Hi @daws,

    Maybe adjust it's a good idea to clarify the doc :

    • AbpAuthorize for Application Service
    • AbpMvcAuthorize for MVC Controllers
    • AbpApiAuthorize for regular (classic?) Web API Controllers

    This is not exactly true :)

    AbpAuthorize can be usable for every class, not only app services (even for controllers). But AbpMvcAuthorize and AbpApiAuthorize are specialized to MVC and WebAPI.

    I will think how to clarify it in docs.