Apply [Authorize] attribute implicitly to all Web API controllers

c# .net asp.net-web-api asp.net-web-api2
amcdnl picture amcdnl · Feb 20, 2014 · Viewed 24.8k times · Source

My application is setup where all requests except login must be 'authorized' using the authorization attribute in Web API. E.g.

 [Authorize]
 [HttpGet, Route("api/account/profile")]
 public ApplicationUser Profile()
 {
       return userModel;
 }

and only the login needs to not authorize since thats where you get the token ;)

[AllowAnonymous]
[HttpPost, Route("api/account/login")]
public async Task<IHttpActionResult> Login(LoginViewModel model)
{
   ....
}

instead of having to add the [Authorize] attribute to ALL my routes, is there a way to set it globally?

Answer

ssilas777 picture ssilas777 · Feb 20, 2014

You have two options

  1. Controller level by decorating your controller with authorize attribute. 

    [Authorize]
[RoutePrefix("api/account")]
public class AccountController : ApiController
{

  2. You can also set it global level to all routes, in Register method of WebApiConfig.cs file

     config.Filters.Add(new AuthorizeAttribute());

Related questions

Web API 2: how to return JSON with camelCased property names, on objects and their sub-objects

UPDATE Thanks for all the answers. I am on a new project and it looks like I've finally got to the bottom of this: It looks like the following code was in fact to blame: public static HttpResponseMessage GetHttpSuccessResponse(object …

Read More
The route template separator character '/' cannot appear consecutively - Attribute routing issue

The configuration has nothing to do with the error This is my configuration for the Web API in App_Start/WebApiConfig.cs: public static void Register(HttpConfiguration config) { // Web API routes config.MapHttpAttributeRoutes(); config.Routes.MapHttpRoute( name: "DefaultApi", routeTemplate: "api/{…

Read More
proper implementation of "windows" authentication in web api?

I've created a Web Api 2 app which will only be used on the corporate network. I've read about Windows authentication in Web API so it seems to be possible. But I need to figure out the proper implementation for this. …

Read More