Attribute To Secure Web Api

Time:12-06

I am working with a Web API where each request should carry a request key and, depending upon it, the API controller will do a specific task. I am using the REST Client program in VS Code and did the following for testing:

GET http://localhost:PortNo/WeatherForecast/GetAllTeams
test: "12345678910" //Key

So in the controller, I did this to get the key value:

[HttpGet]
public async Task<ActionResult<IEnumerable<TeamDetails>>> GetAllTeams()
{
    string Token = Request.Headers["test"]; //Getting the key value here
    var teams = _service.GetAllTeams();

    return Ok(teams);
}

But I have a few things in mind and am doing R&D on how I can do the above with an attribute. Say each controller will have an attribute as follows, making the request invalid if no proper key is found:

[InvalidToken] //This is the attribute
[HttpGet]
public async Task<ActionResult<IEnumerable<TeamDetails>>> GetAllTeams()
{
   var teams = _service.GetAllTeams();

   return Ok(teams);
}

I am not sure if this is going to make the API secure. My plan is to validate every HTTP request (in my case, a simple form submission at the moment), so it should say the request is generated from the Web API app.

N.B.: I worked with Web API earlier in small sections, but now there is a broader thing to implement, so I am expecting a few suggestions that can guide me to a better design.

CodePudding user response:

If you want to secure your Web API, you can use "ASP.NET Core Middleware".

CodePudding user response:

Try it:

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;
using System;

..

public class InvalidToken : Attribute, IActionFilter
{
    public InvalidToken()
    {
    }

    public void OnActionExecuting(ActionExecutingContext context)
    {
        // Read the key sent in the "test" request header
        var Authorization = context.HttpContext.Request.Headers["test"];

        if (Authorization != "12345678910")
        {
            context.ModelState.AddModelError("Authorization", "Authorization failed!");
            // Setting Result short-circuits the pipeline, so the action does not run
            context.Result = new UnauthorizedResult();
            return;
        }
    }

    public void OnActionExecuted(ActionExecutedContext context)
    {
        // "OnActionExecuted"
    }
}

Startup.cs

services.AddScoped<InvalidToken>();
// add filter to whole api
services.AddControllers(options =>
{
    options.Filters.Add<InvalidToken>();
});
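
An added example, not part of the original question or answers: the same header check written as an authorization filter that can be placed on individual actions, with the key read from configuration instead of being hard-coded and compared in constant time. The attribute name RequireApiKeyAttribute and the configuration entry "ApiKey" are assumptions; the header name "test" is the one used in the question.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical attribute name; apply it to a controller class or a single action.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class RequireApiKeyAttribute : Attribute, IAuthorizationFilter
{
    private const string HeaderName = "test";   // header used in the question
    private const string ConfigKey = "ApiKey";  // assumed configuration entry

    public void OnAuthorization(AuthorizationFilterContext context)
    {
        var config = context.HttpContext.RequestServices.GetRequiredService<IConfiguration>();
        string expected = config[ConfigKey];

        // Fail closed: a missing server-side key must never let requests through.
        if (string.IsNullOrEmpty(expected))
        {
            context.Result = new StatusCodeResult(500);
            return;
        }

        // Exactly one header value is accepted; absent or repeated headers are rejected.
        if (!context.HttpContext.Request.Headers.TryGetValue(HeaderName, out var supplied)
            || supplied.Count != 1
            || !KeysMatch(supplied.ToString(), expected))
        {
            // Setting Result short-circuits the pipeline before the action runs.
            context.Result = new UnauthorizedResult();
        }
    }

    // Hash both sides to a fixed length, then compare without an early exit,
    // so response timing does not reveal how much of the key was correct.
    public static bool KeysMatch(string supplied, string expected)
    {
        using var sha = SHA256.Create();
        byte[] a = sha.ComputeHash(Encoding.UTF8.GetBytes(supplied));
        byte[] b = sha.ComputeHash(Encoding.UTF8.GetBytes(expected));
        return CryptographicOperations.FixedTimeEquals(a, b);
    }
}
```

Place [RequireApiKey] above [HttpGet] on an action, or on the controller class to cover all of its actions. Authorization filters run before model binding and action filters, so a rejected request never reaches the controller code.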