A simple, flexible .NET library for attribute-based authorization for WebApi2 projects.
Note: For WebApi1 projects using AttributeRouting use the 1.1.0.0 version of the package.
Grab the source, or use NuGet:
```
Install-Package AttributeAuthorization
```
AttributeAuthorization allows you to use attributes on your WebApi methods for authorization of API endpoints.
```csharp
[POST("file")]
[AuthorizedFor("file:write")]
public HttpResponseMessage PostUploadFile(FileData data)
{
    // ...
}
```
And then easily test if the current caller is allowed access to that method:
```csharp
if (!authorization.IsAllowed(Request))
{
    return Request.CreateResponse(HttpStatusCode.Forbidden, "You do not have access to this method");
}
```
- Use attributes to define and document permissions on API methods.
- Support for auto-expanded parent:child permissions where access to the parent allows access to the child.
- Support for public methods where authorization is not required.
- Secure by default. Default route, non-attributed, mixed public/private methods are not allowed by default. Behavior is easily controlled.
- Works with OAuth, API Key or other authorization strategies.
- MIT License
AttributeAuthorization does not make any assumptions about your security method. You plug in the method you need to determine the authorization carried with a request.
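The parent:child expansion and the deny-by-default behaviour listed above can be pictured with the following sketch. It is an added example, not code from this library: `PermissionCheck`, `Ancestors` and `IsAllowed` are hypothetical names, and the granted permissions are constructed sample data.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Illustrative sketch only; these names are hypothetical and are not the
// AttributeAuthorization API.
public static class PermissionCheck
{
    // Expands "file:write:meta" into "file", "file:write", "file:write:meta".
    public static IEnumerable<string> Ancestors(string required)
    {
        var parts = required.Split(':');
        for (var i = 1; i <= parts.Length; i++)
            yield return string.Join(":", parts.Take(i));
    }

    // required == null models a method that carries no permission attribute.
    public static bool IsAllowed(string required, bool isPublic, ISet<string> granted)
    {
        if (isPublic) return true;                             // explicitly public method
        if (string.IsNullOrWhiteSpace(required)) return false; // secure by default
        // Whole segments are compared, never raw string prefixes, so holding
        // "file" does not leak into an unrelated permission such as "filesystem:write".
        return Ancestors(required).Any(granted.Contains);
    }

    public static void Main()
    {
        // Constructed sample: permissions carried by the caller's token or API key.
        var granted = new HashSet<string>(StringComparer.Ordinal) { "file", "report:read" };
        var checks = new[]
        {
            new { Required = "file:write", Public = false },       // parent "file" is held
            new { Required = "report:write", Public = false },     // only sibling "report:read" is held
            new { Required = "report", Public = false },           // a child grant does not imply the parent
            new { Required = "filesystem:write", Public = false }, // shares a string prefix with "file" only
            new { Required = (string)null, Public = false },       // no attribute on the method
            new { Required = (string)null, Public = true },        // explicitly public method
        };
        foreach (var c in checks)
            Console.WriteLine("{0,-18} public={1,-5} allowed={2}",
                c.Required ?? "(none)", c.Public, IsAllowed(c.Required, c.Public, granted));
    }
}
```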