<p>I pass the secret API key along with username and password in the request body. Once authorized, a token is generated and the client has to pass that in the Authorization header. This gets checked in the base controller on each request.</p>
<ol>
<li>Client calls myapp.com/authorize which returns an auth token.</li>
<li>Client stores auth token locally.</li>
<li>Client calls myapp.com/anycontroller, with authtoken in Authorization header.</li>
</ol>
<p>AuthorizeController inherits from controller. Anycontroller inherits from a custom base controller which performs the authorization code.</p>
<p>My example requires the following route which directs POST requests to an ActionResult named post in any controller. I am typing this in by hand to simplify it as much as possible to give you the general idea. Don't expect to cut and paste and have it work :)</p>
<pre><code>routes.MapRoute(
    "post-object",
    "{controller}",
    new { controller = "Home", action = "post" },
    new { httpMethod = new HttpMethodConstraint("POST") }
);
</code></pre>
<p>Your auth controller can use this</p>
<pre><code>using System.IO;
using System.Web.Mvc;

public class AuthorizationController : Controller
{
    public ActionResult Post()
    {
        string authBody;
        var request = ControllerContext.HttpContext.Request;
        var response = ControllerContext.HttpContext.Response;

        using (var reader = new StreamReader(request.InputStream))
            authBody = reader.ReadToEnd();

        // authorize based on credentials passed in request body
        // Authenticate is a placeholder for the result of your auth method
        var authToken = Authenticate(authBody);

        response.Write(authToken);
        return new EmptyResult(); // the token has already been written to the response
    }
}
</code></pre>
<p>Your other controllers inherit from a base controller</p>
<pre><code>using System.Web.Mvc;
using System.Web.Routing;

public class BaseController : Controller
{
    protected override void Execute(RequestContext requestContext)
    {
        var request = requestContext.HttpContext.Request;
        var response = requestContext.HttpContext.Response;

        // read from the local request: the controller's own Request property is not initialized yet
        var authToken = request.Headers["Authorization"];

        // use token to authorize in your own method
        var authorized = AmIAuthorized(authToken);

        // was "authorized = false", an assignment that never rejects a request
        if (!authorized)
        {
            response.StatusCode = 401;
            response.Write("Invalid token");
            return;
        }

        response.StatusCode = 200; // OK
        base.Execute(requestContext); // allow inheriting controller to continue
    }
}
</code></pre>
<p>Sample code to call the api</p>
<pre><code>// needs: using System.IO; using System.Net; using System.Web;
// request, response, responseText, token, Uri, Querystring, postRequestData and
// httpcontext are fields of the enclosing class
public static void ExecutePostRequest(string contentType)
{
    request = (HttpWebRequest)WebRequest.Create(Uri + Querystring);
    request.Method = "POST";
    request.ContentType = contentType; // application/json usually
    request.Headers["Authorization"] = token;

    using (StreamWriter writer = new StreamWriter(request.GetRequestStream()))
        writer.Write(postRequestData);

    // GetResponse raises an exception on http status code 400
    // We can pull response out of the exception and continue on our way
    try
    {
        response = (HttpWebResponse)request.GetResponse();
    }
    catch (WebException ex)
    {
        response = (HttpWebResponse)ex.Response;
    }
    finally
    {
        // ex.Response is null when no HTTP response was received at all
        if (response != null)
        {
            using (StreamReader reader = new StreamReader(response.GetResponseStream()))
                responseText = reader.ReadToEnd();
        }
        httpcontext = HttpContext.Current;
    }
}
</code></pre>
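<p>Added example, not part of the original answer: the answer leaves the token format and the token check to "your own method", so this sketch shows one possible scheme, an HMAC-signed token with an expiry that the base controller can verify without a lookup. The class name <code>AuthToken</code>, its methods, the token layout and the demo key are all assumptions made for this example.</p>

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Hypothetical helper (not from the answer): issues and validates the auth token.
public static class AuthToken
{
    // Assumption: a real deployment loads this key from protected configuration.
    private static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key-change-me");

    // Token layout (constructed for this example): base64(user).expiryUnixSeconds.base64(HMAC)
    public static string Issue(string user, TimeSpan lifetime)
    {
        long expiry = DateTimeOffset.UtcNow.Add(lifetime).ToUnixTimeSeconds();
        string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(user)) + "." + expiry;
        return payload + "." + Convert.ToBase64String(Sign(payload));
    }

    // Returns true and the user name only for an untampered, unexpired token.
    public static bool TryValidate(string token, out string user)
    {
        user = null;
        string[] parts = (token ?? "").Split('.');
        long expiry;
        if (parts.Length != 3 || !long.TryParse(parts[1], out expiry)) return false;
        try
        {
            byte[] presented = Convert.FromBase64String(parts[2]);
            // Verify the signature before trusting any field of the token.
            if (!FixedTimeEquals(presented, Sign(parts[0] + "." + parts[1]))) return false;
            if (DateTimeOffset.UtcNow.ToUnixTimeSeconds() >= expiry) return false;
            user = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
            return true;
        }
        catch (FormatException) { return false; } // malformed base64
    }

    private static byte[] Sign(string payload)
    {
        using (var hmac = new HMACSHA256(Key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }

    // Compares without an early exit so timing does not reveal how many bytes matched.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

<p>Under these assumptions the auth controller would return <code>AuthToken.Issue(...)</code> after checking the credentials, and the base controller's check would call <code>AuthToken.TryValidate</code> on the Authorization header value.</p>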