Watch videos with subtitles in your language, upload your videos, create your own subtitles! Click here to learn more on "how to Dotsub"

ASP.NET Web API, Part 6: Authorization

0 (0 Likes / 0 Dislikes)
  • Embed Video

  • Embed normal player Copy to Clipboard
  • Embed a smaller player Copy to Clipboard
  • Advanced Embedding Options
  • Embed Video With Transcription

  • Embed with transcription beside video Copy to Clipboard
  • Embed with transcription below video Copy to Clipboard
  • Embed transcript

  • Embed transcript in:
    Copy to Clipboard
  • Invite a user to Dotsub
[Microsoft] [] [ASP.NET Web API] [Part 6: Authorization] Hi, this is Jon Galloway from Microsoft. We're continuing our look at ASP.NET Web API with a look at authorization. In a previous screencast, we used a custom action filter to enforce validation, and that was a little tricky because we had to both write and register that filter. This case is a little bit easier because there's a built-in filter for authorization. So let's take a look. We're in our CommentsController, and in order to enforce authorization for this entire CommentsController, all I need to do is drop an Authorize attribute on the controller class. If I go to Definition, you can see that the CommentsController is actually inside of System.Web.Http, so this is built in. We need to keep in mind that we're writing an HTTP service, not a website. So in this case, we can't just redirect to a login page. All we're doing is returning an HTTP 401, and it's up to our client to decide how to handle that. If we take a look at the JavaScript, we'll see now that we've changed our Get method so that it handles both status codes it can expect— a 200, which says that the Get succeeded, and a 401, which says that authorization failed. In this case we've decided to, on the client, redirect to the login page. So let's take a look at this in action. I'm first going to request comments without authorization. So the service is going to respond with an HTTP 401 and the client redirects me to the login page. Now I'm going to log in, and now that I'm authorized, I can request comments and the service will provide them to me. So this is accomplished via 2 things: 1) the Authorize attribute on my service; and 2) on my JavaScript I need to handle the status code HTTP 401, which says that I'm unauthorized. That concludes our look at authorization in ASP.NET Web API. [Microsoft] []

Video Details

Duration: 2 minutes and 15 seconds
Country: United States
Language: English
License: All rights reserved
Genre: None
Views: 7
Posted by: neudesicasp on Sep 23, 2013

Note: This video contains information from a pre-release version of ASP.NET Web API. For information on what changed, see the updated sample code at

Caption and Translate

    Sign In/Register for Dotsub to translate this video.