Last post Nov 22, 2018 06:43 PM by PatriceSc
Nov 22, 2018 10:59 AM|AnyUserNameThatLetsMeIn|LINK
I have a web service that pushes data into a Sage system. It has multiple end points within the web service.
In my controller I have a function that picks the request up:
public string Get([FromQuery] string c = "", string s = "")
c and s are two query string parameters that may or may not be set. However, I don't want this end point to return anything unless the user authenticates. I obviously don't want to send anything on the query string. How would I go about rejecting the call
if the user hasn't authenticated? How is it set up? Are there any changes in IIS that I need to do? I'm sure there are millions of pages to read about this, but I don't know where to start.
Essentially, if the client hits the URL it needs to return customer information but only if the client authenticates. If it doesn't it returns nothing.
Nov 22, 2018 06:43 PM|PatriceSc|LINK
https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/authentication-and-authorization-in-aspnet-web-api#authorization and the "Globally" option.
It will allow to check the user is authenticated before using a controller. You'll use Windows authentication ? (it won't change compared with a "regular" web app).