I have a controller with the default post method. I want to add one more with a different name and action. The problem is that when I make the POST request (http://localhost:57926/api/Users/Login), it doesn't execute the Login method; it executes the default PostUser method.
How can I fix this?
// POST: api/Users
[ResponseType(typeof(User))]
public IHttpActionResult PostUser(User user){
    //Some code
}

[HttpPost]
[Route("Login")]
public IHttpActionResult Login(JObject form)
{
    //some code
}
I created a custom filter class which inherits ActionFilterAttribute.
The method looks like below:
public override void OnActionExecuting(HttpActionContext actionContext)
{
    //my custom code
}
And my controller looks like below:
[HttpPost]
[ActionName("Get")]
[Authorize]
[Filters.AuthorizeLogin()]
public List<BusinessEntities.Admin.Role> Get(Dictionary<string, string> Parameters)
{
    //My api call
}
But the problem is that whenever my token got expired, my custom function (OnActionExecuting) did not execute.
I want to execute my custom function even after my token got expired.
And should I use the [Authorize] filter when using the [Filters.AuthorizeLogin()] filter in my API controller?
I am new to Web API and MVC in general. If I wanted to group my service URLs like this
/api/account/create
/api/account/login
/api/account/resetpass
Am I able to put all 3 method calls in the same controller file and somehow map a particular request to the right method?
Create a controller named Account, create 3 [GET, POST, PUT, DELETE] methods, and name them create, login, resetpass.
By default, this is the routing for MVC / API (Id can be optional):
routeTemplate: "api/{controller}/{id}",
Example:
public class AccountController : ApiController
{
    [HttpPost]
    public string Create()
    {
        // CODE
    }

    [HttpPost] // or [HttpGet]
    public string Login()
    {
        // CODE
    }

    [HttpPost]
    public string Resetpass()
    {
        // CODE
    }
}
If you have trouble calling them, try to give them a specific route:
[HttpGet("GetSubject/{subject}")]
public int GetSubjectId(String subject)
{
    //CODE
}
Please, if you get any error or misunderstanding, don't hesitate to post a comment.
If the authorize attribute has been applied to the controller is it possible to allow unauthorized access to an action/viewresult inside that controller?
Say for example I didn't want authorization to occur on Test2 in the following:
[Authorize]
public class TestController : Controller
{
    public ViewResult Test()
    {
        return View();
    }

    public ViewResult Test2()
    {
        return View();
    }
}
Thanks in advance.
No, this is not possible. You will have to apply the Authorize attribute on the Test action and not on the controller. Another possibility is to put the Test2 action on another controller which is not decorated with this attribute.
Back in MVC 3 it appears it was indeed not possible to do (as Darin Dimitrov mentioned), but if anyone using MVC 4 (and up) comes across this question, he/she should be able to use the AllowAnonymous filter to achieve the result. So the code would become:
[Authorize]
public class TestController : Controller
{
    public ViewResult Test()
    {
        return View();
    }

    [AllowAnonymous]
    public ViewResult Test2()
    {
        return View();
    }
}
Is there a way to make an [Authorize] attribute be ignored in one action in a controller class that has an Authorize attribute?
[Authorize]
public class MyController : Controller
{
    [Authorize(Users="?")] // I tried to do that and with "*", but unsuccessfully
    public ActionResult PublicMethod()
    {
        //some code
    }

    public ActionResult PrivateMethod()
    {
        //some code
    }
}
Just the PrivateMethod() should have authentication required, but it has been required too.
PS: I wouldn't like to make my custom authorize filter.
[]'s
You can use [AllowAnonymous]
[Authorize]
public class MyController : Controller
{
    [AllowAnonymous]
    public ActionResult PublicMethod()
    {
        //some code
    }

    public ActionResult PrivateMethod()
    {
        //some code
    }
}
By default it's impossible - if you set [Authorize] for the controller then only authenticated users can access the action.
or
You can try custom decisions: stackoverflow.
A solution is in this article: Securing your ASP.NET MVC 3 Application
The article talks about a white list approach where you decorate actions with an AllowAnonymous custom attribute. It requires that you extend AuthorizeAttribute and the OnAuthorization method to skip authorization checks of AllowAnonymous actions. (The approach is credited to Levi, a security expert on the MVC team.)
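The white-list approach described above, written out for MVC 3 as an added example (it is not code from the article or from any answer here). The names `GlobalAuthorizeAttribute` and `FilterConfig` and the marker attribute are hypothetical; on MVC 4 and later the built-in `[AllowAnonymous]` and a globally registered `AuthorizeAttribute` give the same result.

```csharp
using System;
using System.Web.Mvc;

// Hypothetical marker attribute, needed on MVC 3 only.
// MVC 4+ ships System.Web.Mvc.AllowAnonymousAttribute.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public sealed class AllowAnonymousAttribute : Attribute { }

// Hypothetical name. Registered as a global filter, so every action requires
// an authenticated user unless it, or its controller, is explicitly white-listed.
public sealed class GlobalAuthorizeAttribute : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null) throw new ArgumentNullException("filterContext");

        bool whitelisted =
            filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) ||
            filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true);

        // Skip the check only for opted-out actions; everything else is denied by default.
        if (whitelisted) return;
        base.OnAuthorization(filterContext);
    }
}

public static class FilterConfig
{
    // Call from Application_Start: FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new GlobalAuthorizeAttribute());
    }
}

public class MyController : Controller
{
    [AllowAnonymous]                       // reachable without logging in
    public ActionResult PublicMethod() { return Content("public"); }

    // No attribute needed: the global filter already protects this action.
    public ActionResult PrivateMethod() { return Content("private"); }
}
```

With this arrangement a newly added action is protected unless someone deliberately marks it `[AllowAnonymous]`, so a forgotten attribute fails closed instead of exposing the action.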
public class MyController : Controller
{
    [Authorize] //it will only work for the following action
    public ActionResult PublicMethod()
    {
        //some code
    }

    public ActionResult PrivateMethod() //[Authorize] will not work for this action
    {
        //some code
    }
}
Just for future reference: this is now available to be done by the [AllowAnonymous] attribute in ASP.NET MVC 4.
More Info
I would like to catch the AmbiguousMatchException whenever it is thrown and then write some code to resolve it. For example, I have an action ChangePassword which should be called only if the user is logged in. I have another method RenewPassword which must be called if the user is not logged in. I have given the same action name to both these methods.
[HttpPost]
[ActionName("ChangePassword")]
public ActionResult RenewPassword(ChangePasswordModel model)
{
    ...
}

[Authorize]
[HttpPost]
[ActionName("ChangePassword")]
public ActionResult ChangePassword(ChangePasswordModel model)
{
    ...
}
I want to use the same action name because I do not want the view to have to worry about which action to call. I know that I can write a custom FilterAttribute which will do the reverse of what AuthorizeAttribute does, apply it to the RenewPassword method, and thereby resolve the ambiguity. However, this seems like too much work for a very simple need.
Any better ideas? Is there a built in way to say that a particular action should be executed only for anonymous users and not for logged in users?
If you don't want views having to worry about which action to call, why not write a reusable HTML helper:
using System.Web.Mvc;
using System.Web.Mvc.Html; // BeginForm extension method and MvcForm

public static class HtmlExtensions
{
    public static MvcForm BeginChangePasswordForm(this HtmlHelper htmlHelper)
    {
        // Pick the target action from the current user's authentication state
        if (htmlHelper.ViewContext.HttpContext.User.Identity.IsAuthenticated)
        {
            return htmlHelper.BeginForm("ChangePassword", "SomeController");
        }
        return htmlHelper.BeginForm("RenewPassword", "SomeController");
    }
}
and inside your view:
@using (Html.BeginChangePasswordForm())
{
    ...
}
and in the corresponding controller:
[HttpPost]
public ActionResult RenewPassword(ChangePasswordModel model)
{
    ...
}

[Authorize]
[HttpPost]
public ActionResult ChangePassword(ChangePasswordModel model)
{
    ...
}