I wandered if there is a way to enable Windows authentication only for the specific action of a particular ASP.Net Web API controller. There are several controllers with multiple actions in my web API web service, but only one action from one controller requires Windows authentication. These web services are implemented using Web API 2.1 and hosted in IIS (v7.5 and higher). Although this is an intranet web service, I do not want to enable Windows authentication on controllers and actions that it does not need. Please let me know if there is a way to enable Windows authentication for a specific controller and action.
My web service code is similar to the code below. Only the api / controller1 / action1 endpoint implemented with Controller1.Action1 requires Windows authentication. The rest of the steps do not require Windows authentication:
[RoutePrefix("api/controller1")] public class Controller1: ApiController { [Route("action1")] public HttpResponseMessage Action1() { return Request.CreateResponse<object>(HttpStatusCode.OK, null); } [Route("action2")] public HttpResponseMessage Action2() { return Request.CreateResponse<object>(HttpStatusCode.OK, null); } } [RoutePrefix("api/controller2")] public class Controller2 : ApiController { [Route("action1")] public HttpResponseMessage Action1() { return Request.CreateResponse<object>(HttpStatusCode.OK, null); } [Route("action2")] public HttpResponseMessage Action2() { return Request.CreateResponse<object>(HttpStatusCode.OK, null); } }
Thanks Rita
source share