Earlier we saw how to create a Web API with GET, POST and PUT methods. As part of securing it, we can require user ID and password authentication for the service: every time a request is received, the credentials in its headers are validated before a response is returned.
1. Create a new controller with a GET method that returns some data from a table. Controller code using Entity Framework:
using System.Threading;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using WEBAPIAUTHORIZATION.Models;
namespace WEBAPIAUTHORIZATION.Controllers
{
public class EmployeeController : ApiController
{
    /// <summary>
    /// GET api/employee: returns every row of EmployeeDetails as a 200 response.
    /// </summary>
    /// <returns>An HTTP 200 response whose content is the list of EmployeeDetails rows.</returns>
    public HttpResponseMessage Get()
    {
        // The Authentication filter sets Thread.CurrentPrincipal before this action runs;
        // the name is read here only to show that the authenticated identity is available.
        var callerName = Thread.CurrentPrincipal.Identity.Name;

        using (var entities = new ACT2_MINIQEntities())
        {
            var rows = entities.EmployeeDetails.ToList();
            return Request.CreateResponse(HttpStatusCode.OK, rows);
        }
    }
}
}
2. Create a new class at the root folder of the Web API project. In my case the class is named Security.cs:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using WEBAPIAUTHORIZATION.Models;
namespace WEBAPIAUTHORIZATION
{
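public class Security
{
    /// <summary>
    /// Checks whether a user row exists whose user name matches <paramref name="Username"/>
    /// (case-insensitively) and whose passcode equals <paramref name="Password"/>.
    /// </summary>
    /// <param name="Username">User name supplied in the Authorization header.</param>
    /// <param name="Password">Passcode supplied in the Authorization header.</param>
    /// <returns>true when a matching user row exists; false otherwise, including for null or empty credentials.</returns>
    public static bool Login(string Username, string Password)
    {
        // Reject null/empty credentials before they reach the query. A null value would
        // otherwise be handed to the query provider, where it may be translated into a
        // null comparison (e.g. "passcode IS NULL") and match rows with an unset passcode.
        if (string.IsNullOrEmpty(Username) || string.IsNullOrEmpty(Password))
        {
            return false;
        }

        // Database connection to retrieve data
        using (ACT2_MINIQEntities entities = new ACT2_MINIQEntities())
        {
            // NOTE(review): this compares the stored passcode directly. If passcodes are kept
            // in plaintext, store a salted hash instead and verify it here.
            // NOTE(review): confirm the EF provider in use translates this
            // Equals(string, StringComparison) overload; some LINQ-to-Entities providers
            // reject it at runtime.
            return entities.users.Any(
                x => x.username.Equals(Username, StringComparison.OrdinalIgnoreCase)
                     && x.passcode == Password);
        }
    }
}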
}
3. Create another new class at the root folder of the Web API project. In my case I have named it Authentication.cs:
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
namespace WEBAPIAUTHORIZATION
{
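public class Authentication : AuthorizationFilterAttribute
{
    /// <summary>
    /// Validates the HTTP Basic credentials of every request. A request without a well-formed
    /// "Authorization: Basic base64(user:password)" header, or whose credentials fail
    /// <see cref="Security.Login"/>, receives a 401 response and never reaches the controller.
    /// </summary>
    /// <param name="actionContext">Context of the action about to execute; its Response is set on failure.</param>
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        var authorization = actionContext.Request.Headers.Authorization;
        string userName;
        string password;

        // Any header that is missing, uses another scheme, or cannot be decoded is treated the
        // same as bad credentials: 401 instead of an unhandled FormatException /
        // IndexOutOfRangeException (which would surface as a 500).
        if (authorization == null
            || !string.Equals(authorization.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
            || !TryParseBasicCredentials(authorization.Parameter, out userName, out password)
            || !Security.Login(userName, password))
        {
            actionContext.Response = CreateUnauthorizedResponse(actionContext);
            return;
        }

        var principal = new GenericPrincipal(new GenericIdentity(userName), null);
        Thread.CurrentPrincipal = principal;
        // Web API 2 exposes the caller's principal through the request context as well;
        // set both so controllers see the same identity regardless of host.
        actionContext.RequestContext.Principal = principal;
    }

    // Decodes "base64(user:password)". Only the first ':' separates the user name from the
    // password (RFC 7617), so a password may itself contain ':'.
    private static bool TryParseBasicCredentials(string parameter, out string userName, out string password)
    {
        userName = null;
        password = null;

        if (string.IsNullOrWhiteSpace(parameter))
        {
            return false;
        }

        string decoded;
        try
        {
            decoded = Encoding.UTF8.GetString(Convert.FromBase64String(parameter));
        }
        catch (FormatException)
        {
            // Not valid base64: reject rather than let the exception escape the filter.
            return false;
        }

        int separator = decoded.IndexOf(':');
        if (separator < 0)
        {
            return false;
        }

        userName = decoded.Substring(0, separator);
        password = decoded.Substring(separator + 1);
        return true;
    }

    // Builds the 401 response together with the WWW-Authenticate challenge that Basic
    // clients expect (RFC 7235).
    private static HttpResponseMessage CreateUnauthorizedResponse(HttpActionContext actionContext)
    {
        var response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        response.Headers.WwwAuthenticate.Add(
            new AuthenticationHeaderValue("Basic", "realm=\"WEBAPIAUTHORIZATION\""));
        return response;
    }
}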
}
4. Changes in WebApiConfig.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Web.Http;
using Microsoft.Owin.Security.OAuth;
using Newtonsoft.Json.Serialization;
namespace WEBAPIAUTHORIZATION
{
public static class WebApiConfig
{
    /// <summary>
    /// Registers attribute routing, the default convention-based route and the global
    /// Basic-authentication filter.
    /// </summary>
    /// <param name="config">The application's HttpConfiguration.</param>
    public static void Register(HttpConfiguration config)
    {
        config.MapHttpAttributeRoutes();

        var routeDefaults = new { id = RouteParameter.Optional };
        config.Routes.MapHttpRoute("DefaultApi", "api/{controller}/{id}", routeDefaults);

        // Added as a global filter so every action is authenticated before it runs.
        // Basic credentials are only base64-encoded, so the service should be served over HTTPS.
        var basicAuthFilter = new Authentication();
        config.Filters.Add(basicAuthFilter);
    }
}
}
To test the output, send the credentials in the request's Authorization header. The credentials must be in the format username:password and base64-encoded, as shown below.