AdvantageCMS.Core.Common.BaseClasses Namespace
Advantage CSP

Using AdvantageApiAuthorization to Secure API Endpoints

This guide explains how to use the AdvantageApiAuthorization attribute to secure API endpoints by integrating custom authorization logic.

Developers can implement this by decorating their API controllers or specific actions with the AdvantageApiAuthorization attribute.

C#
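/// <summary>
/// Sample authorization filter that admits a request only when its
/// <c>Authorization</c> header carries a Bearer token accepted by
/// <see cref="ValidateToken"/>.
/// </summary>
/// <remarks>
/// Every rejection path clears the request principal before delegating to the
/// base class, so <see cref="IsAuthorized"/> fails closed for missing,
/// malformed or invalid credentials.
/// </remarks>
public class SecureAPIAuthorization : AdvantageApiAuthorizeBase
{
    /// <summary>
    /// Inspects the <c>Authorization</c> header and clears the principal unless a
    /// valid Bearer token was presented, then hands off to the base implementation.
    /// </summary>
    /// <param name="actionContext">Context of the action being authorized.</param>
    /// <exception cref="System.ArgumentNullException">
    /// <paramref name="actionContext"/> is <c>null</c>.
    /// </exception>
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        if (actionContext == null)
        {
            throw new System.ArgumentNullException(nameof(actionContext));
        }

        var authorizationHeader = actionContext.Request.Headers.Authorization;

        // HTTP authentication scheme names are case-insensitive (RFC 7235), so
        // "bearer" and "BEARER" must be treated the same as "Bearer".
        bool isBearer = authorizationHeader != null
            && string.Equals(authorizationHeader.Scheme, "Bearer", System.StringComparison.OrdinalIgnoreCase);

        if (!isBearer || !ValidateToken(authorizationHeader.Parameter))
        {
            // Fail closed: drop any principal already attached to the request so
            // IsAuthorized cannot succeed on identity established elsewhere.
            actionContext.RequestContext.Principal = null;
            base.OnAuthorization(actionContext);
            return;
        }

        // NOTE(review): on success this sample keeps whatever principal the host
        // pipeline already attached, and IsAuthorized only checks that it is non-null.
        // Setting an explicit principal here (as in the line below) makes the outcome
        // independent of ambient state and gives downstream code a real identity.
        // actionContext.RequestContext.Principal = new GenericPrincipal(new GenericIdentity("MYSecureUser"), null);

        // Presumably the base class calls IsAuthorized and produces the
        // unauthorized response - confirm against AdvantageApiAuthorizeBase.
        base.OnAuthorization(actionContext);
    }

    /// <summary>
    /// Reports whether the request still has a principal after
    /// <see cref="OnAuthorization"/> has run.
    /// </summary>
    /// <param name="actionContext">Context of the action being authorized.</param>
    /// <returns><c>true</c> when the request principal is non-null.</returns>
    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        return actionContext.RequestContext.Principal != null;
    }

    /// <summary>
    /// Placeholder token check for the sample.
    /// </summary>
    /// <param name="token">Credential taken from the Bearer header; may be <c>null</c>.</param>
    /// <returns><c>true</c> when the token matches the expected value.</returns>
    /// <remarks>
    /// A static token compiled into source is a shared secret that cannot be
    /// rotated or scoped per caller. Production code should verify an issued
    /// token (signature, issuer, audience, expiry) or look the credential up in
    /// a secret store instead.
    /// </remarks>
    private bool ValidateToken(string token)
    {
        // Compare in fixed time so response latency does not reveal how many
        // leading characters of a guessed token were correct.
        return FixedTimeEquals(token, "your-valid-token"); // Replace with real token validation logic
    }

    /// <summary>
    /// Compares two strings without returning early at the first mismatch.
    /// </summary>
    /// <param name="presented">Value supplied by the caller.</param>
    /// <param name="expected">Value it must match.</param>
    /// <returns><c>true</c> when both are non-null and identical.</returns>
    private static bool FixedTimeEquals(string presented, string expected)
    {
        if (presented == null || expected == null)
        {
            return false;
        }

        // A length mismatch is folded into the accumulator instead of returning
        // early; the loop then covers the shared prefix of both strings.
        int difference = presented.Length ^ expected.Length;
        int limit = presented.Length < expected.Length ? presented.Length : expected.Length;

        for (int i = 0; i < limit; i++)
        {
            difference |= presented[i] ^ expected[i];
        }

        return difference == 0;
    }
}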

C#
/// <summary>
/// Example controller protected by <c>SecureAPIAuthorization</c>. The attribute is
/// applied at class level, so it covers every action declared on the controller.
/// </summary>
[AdvantageApiAuthorization(typeof(SecureAPIAuthorization))]
public class SecureController : AdvantageApiControllerBase
{
    /// <summary>
    /// Returns a fixed confirmation message as the content of an OK result.
    /// </summary>
    /// <returns>The result produced by <c>Ok</c> for the confirmation string.</returns>
    public IHttpActionResult GetSecureData()
    {
        string confirmation = "Access granted to secure data.";
        return Ok(confirmation);
    }
}

The AdvantageApiAuthorizeBase class is used to manage API authorization by validating requests based on token authentication.

Below is a sample implementation of a custom authorization class: