WebApi MVA 4.0 Application and Mixed Authentication

Question

WebApi MVA 4.0 Application and Mixed Authentication

I ask if AD and Basic authentication can be provided for my WebApi Manager services. I intend for all internal (corporate) users to be authenticated with AD (Windows) credentials for seamless login, but Basic Authentication for mobile and external (non-compact) users. I find information regarding the use, but not necessarily the best approach to using both. I'm not interested in adding external users to AD.

+4

asp.net-web-api asp.net-mvc-4 windows-authentication basic-authentication

Ryan fisch Jan 9 '13 at 4:46

source share

1 answer

heads5150 · Accepted Answer · 2013-01-09T05:09:17+0000

The approach you can take is to create a custom action filter and register it globally.

Something along the lines

public class MixedAuthenticationAttribute : System.Web.Http.Filters.ActionFilterAttribute { public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext) { //basic auth header check if (actionContext.Request.Headers.Authorization == null) { //no auth header run AD authentication process. } else { //basic auth authentication } } }

WebApi MVA 4.0 Application and Mixed Authentication

More articles: