How to secure ASP.Net Web APIs using authorization filters

Take advantage of ASP.Net Web API authorization filters to authorize incoming requests to your web API

Security is a major concern in web-based enterprise applications. When you need to transmit data over the wire, you should be aware of the various tools you can use to secure that data.

ASP.Net Web API is a lightweight framework used for building stateless RESTful services that run on HTTP. One way to secure Web API services is with authorization filters.

Ideally, you should perform authentication and authorization early in the Web API pipeline. This helps to eliminate unnecessary processing overhead from the request cycle. Note that, whether you use HTTP modules or HTTP message handlers for authentication, you can retrieve the current principal (i.e. the user) from the ApiController.User property.

Also keep in mind that Web API authorization filters execute before the controller action methods. So if the incoming request is not authorized, an error will be returned from the service, the request will be ignored, and the action method of the service will not be executed.

Using the AuthorizeAttribute authorization filter
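
As an added illustration (not code from the original article), the sketch below registers an authorization filter globally so that every action is denied unless it opts out, and reads the caller through ApiController.User. It assumes ASP.NET Web API 2 (System.Web.Http) and an upstream HTTP module or message handler that sets the principal; the ForbidAwareAuthorizeAttribute, OrdersController, route and role names are hypothetical.

```csharp
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Controllers;

// Hypothetical subclass. The stock AuthorizeAttribute answers 401 for every
// failure; this one keeps 401 for unauthenticated callers and returns 403
// when the caller is authenticated but fails the Roles/Users check.
public class ForbidAwareAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        var principal = actionContext.RequestContext.Principal;
        bool authenticated = principal != null
            && principal.Identity != null
            && principal.Identity.IsAuthenticated;

        if (!authenticated)
        {
            base.HandleUnauthorizedRequest(actionContext); // default 401 response
            return;
        }
        // Setting Response here short-circuits the pipeline: the action never runs.
        actionContext.Response = actionContext.Request.CreateErrorResponse(
            HttpStatusCode.Forbidden, "Authenticated, but not permitted to call this action.");
    }
}

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        config.MapHttpAttributeRoutes();
        // Deny by default: every action now requires an authenticated principal.
        config.Filters.Add(new ForbidAwareAuthorizeAttribute());
    }
}

public class OrdersController : ApiController
{
    [AllowAnonymous]                                  // explicit, reviewable opt-out
    [HttpGet, Route("api/orders/ping")]
    public IHttpActionResult Ping() { return Ok("alive"); }

    [HttpGet, Route("api/orders/mine")]               // covered by the global filter
    public IHttpActionResult Mine() { return Ok(new { owner = User.Identity.Name }); }

    [ForbidAwareAuthorize(Roles = "OrderAdmin")]      // role check on top of the global filter
    [HttpDelete, Route("api/orders/{id:int}")]
    public IHttpActionResult Delete(int id) { return Ok(); }
}
```

Registering the filter globally means a newly added action is protected even if nobody remembers to decorate it, and every anonymous endpoint is visible in review as an explicit [AllowAnonymous].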
