Maybe you guys wanna take a look at how to integrate different authN models with a grain of claims into Web API (aka small framework for token authentication and claims-based identity): https://github.com/leastprivilege/ASP.NET-WebApi-Security
-Christian Weyer
Microsoft MVP for Windows Azure [Architecture]
http://weblogs.thinktecture.com/cweyer
I use same technique, but in a Handler. Only difference I see is that I add a realm. I'm not all that familiar with these headers though, but might be worth a try.
actionContext.Response.Headers.WwwAuthenticate.Add(
new AuthenticationHeaderValue("Basic", "realm=" + Realm));
I use same technique, but in a Handler. Only difference I see is that I add a realm. I'm not all that familiar with these headers though, but might be worth a try.
actionContext.Response.Headers.WwwAuthenticate.Add(
new AuthenticationHeaderValue("Basic", "realm=" + Realm));
Thank you inmykingdom, but I have already tried that. If I add a WwwAuthenticate header it fails. If I don't add it, it works (but the www-authenticate header is not sent, of course). Weird.
@Christian.Weyer, could you provide a short example of basic auth per resource/action with your code?
Thanks everyone, for providing several useful options.
Ended up with an Authorize attribute, with an ActionFilter on the controller in questions (inmykingdom's suggestion). Main reason for choosing this approach was to keep control, and avoid unneccesary execution.
when i'm using this solution and call my restservice from a browser, then the webapi is redirecting to the (not existsting) LoginController and this is not what i want. How can i change this behavoiur?
Christian.We...
Member
32 Points
11 Posts
Re: HTTPS and Basic Authentication without Operationshandler
Feb 22, 2012 02:06 PM|LINK
Maybe you guys wanna take a look at how to integrate different authN models with a grain of claims into Web API (aka small framework for token authentication and claims-based identity): https://github.com/leastprivilege/ASP.NET-WebApi-Security
Microsoft MVP for Windows Azure [Architecture]
http://weblogs.thinktecture.com/cweyer
https://github.com/thinktecture/Thinktecture.Web.Http
inmykingdom
Member
105 Points
34 Posts
Re: HTTPS and Basic Authentication without Operationshandler
Feb 22, 2012 03:14 PM|LINK
I use same technique, but in a Handler. Only difference I see is that I add a realm. I'm not all that familiar with these headers though, but might be worth a try.
actionContext.Response.Headers.WwwAuthenticate.Add( new AuthenticationHeaderValue("Basic", "realm=" + Realm));hilbertZg
Member
28 Points
14 Posts
Re: HTTPS and Basic Authentication without Operationshandler
Feb 22, 2012 03:33 PM|LINK
Thank you inmykingdom, but I have already tried that. If I add a WwwAuthenticate header it fails. If I don't add it, it works (but the www-authenticate header is not sent, of course). Weird.
@Christian.Weyer, could you provide a short example of basic auth per resource/action with your code?
Thanks!
larsm11
Member
12 Points
8 Posts
Re: HTTPS and Basic Authentication without Operationshandler
Feb 23, 2012 06:34 AM|LINK
Thanks everyone, for providing several useful options.
Ended up with an Authorize attribute, with an ActionFilter on the controller in questions (inmykingdom's suggestion). Main reason for choosing this approach was to keep control, and avoid unneccesary execution.
/LM
jan.baer
Member
5 Points
3 Posts
Re: HTTPS and Basic Authentication without Operationshandler
Feb 25, 2012 10:30 AM|LINK
Hallo @all,
when i'm using this solution and call my restservice from a browser, then the webapi is redirecting to the (not existsting) LoginController and this is not what i want. How can i change this behavoiur?
Thanks
Jan
Christian.We...
Member
32 Points
11 Posts
Re: HTTPS and Basic Authentication without Operationshandler
Feb 25, 2012 10:38 AM|LINK
@hilbertZg: not sure I understand your question, but here is a sample controller: https://github.com/leastprivilege/ASP.NET-WebApi-Security/blob/master/Resources/Controller/ConsultantsController.cs
Microsoft MVP for Windows Azure [Architecture]
http://weblogs.thinktecture.com/cweyer
https://github.com/thinktecture/Thinktecture.Web.Http
dbaier
Member
264 Points
66 Posts
MVP
Re: HTTPS and Basic Authentication without Operationshandler
Feb 27, 2012 11:18 AM|LINK
For a host agnostic security framework - have a look here:
https://github.com/leastprivilege/ASP.NET-WebApi-Security
it is based on this idea: http://www.leastprivilege.com/TokenBasedAuthenticationForWCFHTTPRESTServicesAuthentication.aspx
dominick
_____________________________
Dominick Baier - http://www.leastprivilege.com
swildermuth
Member
86 Points
30 Posts
Re: HTTPS and Basic Authentication without Operationshandler
Feb 29, 2012 03:38 AM|LINK
I am doing this exactly but my Response is returning a 500 error instead of 401 (Unauthorized). Any ideas?
MVP, Speaker and Author
Web Workshop (HTML5/CSS/MVC4)
San Fran, CA - Mar 28-30, 2012
Dallas, TX: Apr 29-May 1, 2012
https://agilitrain.com/Workshop/Info/Web_Workshop