Last post Apr 18, 2016 07:49 AM by Yohann Lu
Apr 18, 2016 03:13 AM|MarkMans|LINK
I have developed a beginner WebAPI application in Visual Studio 2010 using the WebAPI Project Template. It has an index.html and AngularJS Routing. I've also added the Entity Model configuration to attach to a SQL Database using SQL Server 2008. The AngularJS
Routing works fine - it pastes subpages into my index.html outline. And the SQL data even gets displayed in Firebug in Firefox, so I know I'm connecting through to SQL successfully. However the SQL data doesn't actually get displayed to my webpage itself -
instead I get a '401 Unauthorized' for every web access to the project.
Initially I was getting Cross Origin errors so I added the following to my web.config:
<add name="Access-Control-Allow-Origin" value="*"/>
<add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
This got rid of the Cross Origin errors, but I'm left with 401 errors on every access. This is a small project that uses AngularJS Routing and runs a Stored Procedure to fetch data from a single Database Table in SQL. I have '<identity impersonate="true"
/>' in the web.config, and in IIS Manager I've set Anonymous Authentication to disabled, ASP.NET Impersonation to Enabled, and Windows Authentication to Enabled. I am a Domain Admin and have access to everything. In fact, if I run the site directly from Firefox,
without running it in Visual Studio debug mode, then Firebug displays my SQL Data at the bottom of the screen - along with several 401 errors! It just doesn't display it on the web page.
Any help appreciated. This is the first project I'm setting up from scratch as a WebAPI MVC Asp.net application in VS2010.
Apr 18, 2016 06:33 AM|raju dasa|LINK
Try removing [Authorize] attribute on top of Controllers or Action methods.
Apr 18, 2016 07:49 AM|Yohann Lu|LINK
From your description, you can add the [AllowAnonymous] Attribute in your wen api controls methods.
// GET api/values/5
public string Get(int id)
You can refer the tutorial about Authentication and Authorization in ASP.NET Web API:
If you need to protect your API using bearer tokens, then I recommend you to read the Token Based Authentication post: