I have a WEB Api controller, that has the [Authorize] tag at the top of the controller - which means all API in this class will have this rule applied. Like this:
[Authorize]
[RoutePrefix("api/v1/route")]
public class ItemController : ApiController
{
/// Etc...
My issue is that for a specific call within this class, I do not want this Auth rule to apply. I am sure I have seen a way of doing this before, but for all my googling I cannot find it. I think it is something like this:
[HttpPost]
[Route("singleCall")]
[NOTAUTH]//whatever should go in here
public void Log()
{
Any ideas???
Take a look at [AllowAnonymous].
This page has some examples.
You Can use [AllowAnonymous] Attribute.
Please refer to this article in order to know how to use them in conjunction with [Authorize] attribute.
ASP.NET MVC AllowAnonymous Attribute and Authorize Attribute
Related
I would like to list all the available endpoints a controller provides.
Is it possible to access the component(s) .NET uses to generate these routes (by, for instance providing it a type or controller name (string))?
The methods/verbs (so, POST, GET) are not even that important for my scenario, just the routes themselves.
Example
Please, take a look on the below ASP.NET Core code.
[ApiController]
[Route("[controller]")
public class HomeController : ControllerBase
{
[HttpGet("additional")]
public async Task<IActionResult> Whatever()
{
// ...
}
}
So, the method will be exposed as a GET endpoint on the URL of Home/additional.
I want to remove controller name from URL for specific Controller.
My Controller name is Product
I found some link to do this
Routing with and without controller name
MVC Routing without controller
But all the above links done in route config file. and those are affecting other controller too. I want to do it using Attribute Routing.
Can it is possible? As I want to do this for only Product controller.
I have tried to do it on action like this
[Route("Sample/{Name}")]
but it is not working.
Gabriel's answer is right, however, it can be a bit misleading since you're asking for MVC and that answer is for Web API.
In any case, what you want is to put the annotation over the class definition instead of an action method. MVC example would be like:
[RoutePrefix("SomethingOtherThanProduct")]
public class ProductController : Controller
{
public ActionResult Index()
{
...
return View();
}
}
I'm also dropping this as an answer since you may find the following article helpful: [Attribute] Routing in ASP.NET MVC 5 / WebAPI 2
Make sure you set the RoutePrefix attribute on the whole controller class, as well as using the Route attribute on the action.
[RoutePrefix("notproducts")]
public class ProductsController : ApiController
{
[Route("")]
public IEnumerable<Product> Get() { ... }
}
In .Net MVC5, how would one add a request filter to prevent action calls based on role membership?
See this comment:
wouldn't it make more sense to use a request filter to prevent the
action call on the controller in the event that the current user did
not have the right role membership instead of trying to mix the auth
logic in to the business logic?
Thank you.
My best solution for this is using:
[AuthorizeAttribute]
You can place it as a normal attribute is used in c# mvc, like for ex:
[Authorize]
public ActionResult AuthenticatedUsers()
{
return View();
}
You can also use it in top of the controller like this:
[Authorize]
public class HomeController : Controller
{
}
And if you want it do be depedent on roles, you just simple give one parameter to this attribute like this:
[Authorize(Roles = "Admin, Super User")]
public ActionResult AdministratorsOnly()
{
return View();
}
[Authorize(Users = "Betty, Johnny")]
public ActionResult SpecificUserOnly()
{
return View();
}
Here is some more detailed information for your question which I'd suggest would help you alot.
Good luck!
I would like all controllers which inherit from AdminBaseApiController to be prefixed with 'admin'.
This works fine of course:
[RoutePrefix("admin")]
public class ToggleController : AdminBaseApiController
{
[Route("toggle")]
public HttpResponseMessage Get()
{
}
}
However when I move the RoutePrefix("admin") out of the ToggleController and into the AdminBaseApiController (where I want it) - The route fails and I get a 404.
Am I looking at this all wrong? Thanks in advance!
Support for inheritance has been enabled in Web API 2.2 release...You can take a look at an example in the following Release Notes:
http://www.asp.net/web-api/overview/releases/whats-new-in-aspnet-web-api-22#ARI
Hi I am using wep api 2 to create this route. I have
in my WebConfigApi defined
config.MapHttpAttributeRoutes();
// In Globa.asax
GlobalConfiguration.Configure(WebApiConfig.Register);
My method is decorated as
[Route("api/pO")]
[AcceptVerbs("Getpo")]
[HttpGet]
public IEnumerable<pOver> Getpo()
{
------
}
When I run this using
../api/pO/Getpo
I keep getting error
"<Error><Message>No HTTP resource was found that matches the request URI 'http://localhost:60482/api/pO/Getp0'.</Message><MessageDetail>No action was found on the controller 'prO' that matches the request.</MessageDetail></Error>"
Please let me know how to decorate it properly to run it.
Thanks
I think you want it to look like this:
[Route("api/pO/Getpo")]
[HttpGet]
public IEnumerable<pOver> Getpo()
{
------
}
The AcceptVerbs attribute is meant to do something similar to the HttpGet attribute that you have put on your Action. you could use AcceptVerbs("GET") in place of the HttpGet attribute.