2

I followed this tutorial http://www.tugberkugurlu.com/archive/api-key-authorization-through-query-string-in-asp-net-web-api-authorizationfilterattribute to create custom Authorization filter.

I have CarController with my custom Authorize Attribute: [ApiKeyAuth("apiKey", typeof(ApiKeyAuthorizer))]

I send two parameters in the url .. host/Car/4?username=xxx&pass=xxx It works basically fine, however I want to allow only car owners to see information about their cars. E.g. user ABC can see only host/Car/5 and user DEF can see host/Car/6 and host/Car/10 how can I solve this scenario? How can I access the id of the car used in query (host/Car/ID) in my ApiKeyAuthorizer.

Greetings

Improve this question
0

1 Answer 1

Reset to default
1

If you look at his code, https://github.com/tugberkugurlu/ASPNETWebAPISamples/tree/master/TugberkUg.Web.Http/src/samples and https://github.com/tugberkugurlu/ASPNETWebAPISamples/tree/master/TugberkUg.Web.Http/src/TugberkUg.Web.Http, I think you'll find that he's pulling the data directly from the query string. It should simply be a matter of extending that method to pull in the id parameter. You might also want to look at the RequestContentKeyValueModel on the HttpActionContext parameter passed into the OnAuthorization method. The documentation is sketchy and I haven't played with it yet, but that seems like a likely candidate to me. However, the route data is available indirectly through the HttpRequestMessage via an extension method, specifically:

message.GetRouteData();

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

yes, that's what I did to pass both username and password for authorization.. however, I don't want to pass id or other parameters in this way as well.. otherwise what's the point of using ASP.NET Web API if I handle all parameters on my own anyway
@Bart - I did some more poking around and found geekswithblogs.net/jdothoffman/archive/2012/03/06/…, which gets us closer, but you should be able to get the route data directly from the request via the GetRouteData extension. I've updated.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.