You can authenticate your web API in simple two steps.
Step 1 – Create HTTPModule to authenticate request and register
Create file with below code and register this module to
web.config
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http.Headers;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Web;
using System.Web.Mvc;
using System.Web.SessionState;
namespace ProjectNamespace
{
public class BasicAuthHttpModule : IHttpModule
{
private const string Realm = "Message to display";
public void Init(HttpApplication context)
{
//
Register event handlers
context.AuthenticateRequest +=
OnApplicationAuthenticateRequest;
context.EndRequest +=
OnApplicationEndRequest;
_trackTraceUserService = new TrackAndTraceUserService();
}
private static void SetPrincipal(IPrincipal principal)
{
Thread.CurrentPrincipal = principal;
if (HttpContext.Current != null)
{
HttpContext.Current.User = principal;
}
}
// TODO:
Here is where you would validate the username and password.
private static bool CheckPassword(string username, string password)
{
//Write
your code to authenticate user
}
private static bool AuthenticateUser(string credentials)
{
bool validated = false;
try
{
var encoding = Encoding.GetEncoding("iso-8859-1");
credentials =
encoding.GetString(Convert.FromBase64String(credentials));
int separator = credentials.IndexOf(':');
string name = credentials.Substring(0, separator);
string password = credentials.Substring(separator + 1);
validated = CheckPassword(name,
password);
if (validated)
{
var identity = new GenericIdentity(name);
SetPrincipal(new GenericPrincipal(identity,
null));
}
}
catch (FormatException)
{
//
Credentials were not formatted correctly.
validated = false;
}
return validated;
}
private static void
OnApplicationAuthenticateRequest(object sender, EventArgs e)
{
var request = HttpContext.Current.Request;
var authHeader = request.Headers["Authorization"];
if (authHeader != null)
{
var authHeaderVal = AuthenticationHeaderValue.Parse(authHeader);
//
RFC 2617 sec 1.2, "scheme" name is case-insensitive
if (authHeaderVal.Scheme.Equals("basic",
StringComparison.OrdinalIgnoreCase)
&&
authHeaderVal.Parameter != null)
{
AuthenticateUser(authHeaderVal.Parameter);
}
}
}
// If
the request was unauthorized, add the WWW-Authenticate header
// to
the response.
private static void OnApplicationEndRequest(object sender, EventArgs e)
{
var response = HttpContext.Current.Response;
if (response.StatusCode == 401)
{
response.Headers.Add("WWW-Authenticate",
string.Format("Basic realm=\"{0}\"", Realm));
}
}
public void Dispose()
{
}
}
}
Add bellow line in web.config
<system.webServer>
<modules>
<add name="BasicAuthHttpModule" type="ProjectNamespace.BasicAuthHttpModule, ProjectName" />
</modules>
</system.webServer>
Step 2 – Create Web API
public class MyController : ApiController
{
[Authorize]
public List<MyObject> Get([FromUri] MyClass data)
{
}
Hope
this helps you!!
No comments:
Post a Comment