c# - Securing WebAPI with [Authorize] attribute vs. User.Identiy.IsAuthenticated -


i have webapi controller requires users authenticated , i'm using ms identity 2.0 authentication. controller looks this:

[route("myroute")] [authorize] [httppost] public httpresponsemessage post([frombody] string value) {   if (user.identity.isauthenticated == true)   {      ....    }   else   {       return new httpresponsemessage(system.net.httpstatuscode.forbidden);   }

if remove 1 of these options @ time, in both cases, when unauthorized user calls controller, returns forbidden response. what's difference between these 2 options , there 1 that's better other?

thanks.

with [authorize] attribute, authorization logic can overridden filters , located @ central location in code.

the 

if (user.identity.isauthenticated == true) {    ....  } else {     return new httpresponsemessage(system.net.httpstatuscode.forbidden); }

basically same default [authorize] functionality, you'll repeating on , over.

a technical detail though, authorization filters [authorize] higher in pipeline, forbidden there more efficient server.

see: http://www.dotnet-tricks.com/tutorial/mvc/lyhk270114-detailed-asp.net-mvc-pipeline.html


-

Comments

Post a Comment

Popular posts from this blog

android - Automated my builds -

i have multiple app , android project want automated in build , release sequence. have ant script build , create apk of app. want have 1 script or ant file start build sequence app. maybe don't konw search, can't find easy documentation on ant. the point of use jenkins ant (or maven, i'm not sure of difference between them now) automated build sequence when people commit on project. any int appreciated maven dependencies (over ant) don't need pass around jars. recommend maven on ant day. syntax , overall process easier understand, @ end of both build tools. if able to, more recommend upgrading gradle. easy create different build types , create them ./gradlew assemble here project jake wharton can see power of gradle. there release , debug build, can make lot more if like. https://github.com/jakewharton/u2020 here android docs gradle http://tools.android.com/tech-docs/new-build-system/user-guide . if can't find looking here, check out main grad...
Read more

how to proxy from https to http with lighttpd -

i have internal site (192.168.2.1) accessible http on different server run public web-server using lighttpd. can make internal site accessible outside work follows $http["host"] == "internal.example.com" { ... proxy.server = ( "" => ( "internal" => ( "host" => "192.168.2.1", "port" => 8000 ) ) } this works, use https outside world. question is, how can proxy going https http ? i've tried this: $server["socket"] == ":443" { $http["host"] == "internal.example.com" { ... proxy.server = ( "" => ( "internal" => ( "host" => "http://192.168.2.1", "port" => 8000 ) ) } } but doesn't seem wor...
Read more

javascript - jQuery get link id -

i'm trying id-attribute of dynamic generated table. if click on first link want "editemploee-4". <table id="example" class="table span12 table-bordered table-hover"> <thead> <tr> <th>firstname</th> <th>lastname</th> <th>edit</th> </tr> </thead> <tbody> <tr> <td>person 1</td> <td>name person 1</td> <td><a href="#" class = "editdialog" id="editemployee-4"><img src="img/edit.png" height="20" /></a></td> </tr> <tr> <td>person 2</td> <td>name person 2</td> <td><a href="#" class = "editdialog" id="editemployee-5"><img src="img/edit.png" height="20" />...
Read more