In this video, see how setting AllowAnonymous on your controllers and methods can make them publicly accessible without authorization.
- [Instructor] Occasionally you'll want to explicitly set…an entire controller to be authorized…with the authorize attribute,…but you'll want to make an exception…for one or two of the action methods within that controller.…Web API has another attribute called allow anonymous…that allows you to do just that.…The reservations controller has already been secured,…but let's say we wanted to change it…so that just the get by ID method is still accessible…without being authenticated.…We can easily do that…by placing the allow anonymous attribute here…in front of the get reservation by ID method.…
All of the other methods in this controller…will now be secured except for this one.…Let's test this out in Postman.…First we'll hit the /api/reservation endpoint…with a get request.…This'll verify that the get all endpoint is still secured.…As you can see,…the response is still a 401 unauthorized response.…However, if I change the request…by adding a /1 to the end of it,…now we're going to hit our get by ID method.…
Because this method was set to allow anonymous,…
AuthorJonathan "J." Tower
- Convention-based routing
- Binding your code to an HTTP request
- Validating models
- Using attributes to route requests
- Customizing attribute routes
- Data serialization and model binding
- Error handling
- Using exception filters and exception loggers
- API documentation and testing
- Securing your API
Skill Level Beginner
1. Controllers and Actions
3. Data Serialization and Model Binding
4. Error Handling
5. API Documentation and Testing
Next steps1m 38s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.