Last post Aug 03, 2014 10:56 AM by BrockAllen
Aug 03, 2014 09:01 AM|Chris17
I have read and understood the basic concept of authorization in Web API controllers.
I tried it and it's working, but once I am authorized, I still cannot access a URL, say api/product or api/categories, even after I have logged in.
Please, how can I handle this?
Aug 03, 2014 09:12 AM|Rion Williams
Do you have any examples of how you have implemented the Authorization?
Is there any chance that you are using the [Authorize] attribute along with Role-based requirements? The issue might be that your user is authenticated but simply doesn't have the proper role to access the Action.
If you aren't using Roles, then I would check and ensure that your Authentication is actually working and your user is being logged in properly.
Aug 03, 2014 09:38 AM|Chris17
OK. Let me make it a little bit clearer.
I just created a new Web API project with individual accounts, which auto-setup security for the project for me.
Now I added a new controller, ProductController, and added [Authorize] above it.
I browsed to /api/product and I got the error 401, then I opened a new tab in the browser, navigated to the root, found the login form, and logged in successfully after registering.
When I went back to /api/product and refreshed, I was still getting status error 401, but if I remove [Authorize] I get to see the JSON data.
Aug 03, 2014 09:44 AM|BrockAllen
Authentication in Web API requires you to pass an authentication token via the Authorization HTTP header in the client. This is the so-called "Bearer" authentication and specifically is not cookie-based authentication. In other words, Web API does not use cookies for authentication.
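Added example, not part of the thread or of the project template's own code: a client that logs in for a token and then sends it in the Authorization header when calling the [Authorize]-protected /api/product action. It assumes the template's OAuth token endpoint is at /Token and accepts the password grant; the host `shop.example`, the function names and the injected `fetchImpl` parameter are hypothetical.

```javascript
// Assumption: the token endpoint path of the "Individual Accounts" template.
const TOKEN_PATH = "/Token";

// Login request: form-encoded credentials; the JSON reply carries access_token.
function buildTokenRequest(baseUrl, username, password) {
  const body = new URLSearchParams({ grant_type: "password", username, password });
  return {
    url: new URL(TOKEN_PATH, baseUrl).toString(),
    init: {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: body.toString(),
    },
  };
}

// Request to a protected action. The token travels only in the Authorization
// header, only over HTTPS, and only to the API's own origin.
function buildApiRequest(baseUrl, path, accessToken) {
  const url = new URL(path, baseUrl);
  if (url.protocol !== "https:") {
    throw new Error("refusing to send a bearer token over " + url.protocol);
  }
  if (url.origin !== new URL(baseUrl).origin) {
    throw new Error("bearer token is only sent to the API origin");
  }
  return {
    url: url.toString(),
    init: {
      method: "GET",
      headers: { Authorization: "Bearer " + accessToken, Accept: "application/json" },
    },
  };
}

// Full flow. fetchImpl is injected (pass the browser's fetch in real use).
async function getProducts(fetchImpl, baseUrl, username, password) {
  const login = buildTokenRequest(baseUrl, username, password);
  const tokenRes = await fetchImpl(login.url, login.init);
  if (!tokenRes.ok) throw new Error("login failed: HTTP " + tokenRes.status);
  const { access_token } = await tokenRes.json();
  const call = buildApiRequest(baseUrl, "/api/product", access_token);
  const res = await fetchImpl(call.url, call.init);
  // A 401 here means the header was missing, or the token expired or was rejected.
  if (res.status === 401) throw new Error("401: token missing, expired or rejected");
  return res.json();
}
```

A request typed into the browser's address bar carries no Authorization header, which matches the 401 described in the thread.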
Aug 03, 2014 09:52 AM|Chris17
Thank you. You have a huge point for me. Please, do you have a resource on how I can pass the so-called 'Bearer' across pages?
Actually I know nothing about it and I would appreciate it if you could help me with a link to understand how it works and how to use it to make normal authentications like in MVC.
Aug 03, 2014 09:56 AM|BrockAllen
Aug 03, 2014 10:36 AM|Chris17
OK, I looked at it but it's not really very clear to me.
All I just need is for the pages in a particular project to be able to recognize that a particular user is authorized after login.
Aug 03, 2014 10:56 AM|BrockAllen
Then read up on the documentation: