Skip to content
The missing AuthenticationFilterAttribute from ASP.NET Web API 2
Branch: master
Clone or download
mbenford Re-format code examples
Re-format code examples so they fit on the page.
Latest commit fc44e72 May 12, 2014
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.nuget Add AuthenticationFilterAttribute class May 9, 2014
WebApi.AuthenticationFilter Clean up code May 12, 2014
.gitignore Initial commit May 8, 2014
LICENSE Initial commit May 8, 2014
README.md Re-format code examples May 12, 2014
WebApi.AuthenticationFilter.sln Add AuthenticationFilterAttribute class May 9, 2014

README.md

WebApi-AuthenticationFilter

The missing AuthenticationFilterAttribute from ASP.NET Web API 2.

Motivation

ASP.NET Web API 2 has introduced a new filter interface, IAuthenticationFilter, which can be used to provide custom authentication to APIs powered by the framework. If you used the IAuthorizationFilter interface in the past to implement both authentication and authorization, now you can split those two concerns into separate classes.

But contrary to what you may expect, there's no AuthenticationFilterAttribute class to extend, as you would do for all other filters. According to Web API devs, that's by design since they don't expect the average user to use an authentication filter.

So that's what this simple project is all about: to fill that gap and provide an AuthenticationFilterAttribute class that you can use the same way you use all other Web API filters.

Installation

To install WebApi.AuthenticationFilter, run the following command in the Package Manager Console inside Visual Studio:

Install-Package WebApi.AuthenticationFilter

The package currently depends on Microsoft ASP.NET Web API 2.1 Core (≥ 5.0)

Basic usage

You can use the AuthenticationFilterAttribute class either synchronously or asynchronously:

Synchronously

using WebApi.AuthenticationFilter;

public class AuthenticationFilter : AuthenticationFilterAttribute
{
	public override void OnAuthentication(HttpAuthenticationContext context)
	{
        if (!Authenticate(context))
        {
            context.ErrorResult = new StatusCodeResult(HttpStatusCode.Unauthorized, 
                context.Request);
        }
	}

    private bool Authenticate(HttpAuthenticationContext context)
    {
        // Authenticates the request 
    }
}

Asynchronously

using WebApi.AuthenticationFilter;

public class AuthenticationFilter : AuthenticationFilterAttribute
{
	public async override Task OnAuthenticationAsync(HttpAuthenticationContext context, 
        CancellationToken cancellationToken)
	{            
        if (!await Authenticate(context))
        {
            context.ErrorResult = new StatusCodeResult(HttpStatusCode.Unauthorized, 
                context.Request);
        }            
	}

    private Task<bool> Authenticate(HttpAuthenticationContext context)
    {
        // Authenticates the request 
    }
}

Now all you have to do is register your filter, typically in the WebApiConfig.cs file:

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {     
        config.Filters.Add(new AuthenticationFilter());
    }
}
You can’t perform that action at this time.