Learn how the authorize attribute can quickly and easily secure your APIs.
- [Instructor] So far, we've created…only publicly accessible RESTful APIs.…Those are fine for some situations, like demoware,…but most of the real world APIs you will build…will be secured in some way.…Web API provides a very simple mechanism to do that…called the authorize attribute.…Let's look at how it works.…Here we are in the ReservationController…that we created earlier.…You may remember that this controller,…like all the others we created so far,…is publicly accessible, requiring no login…to be able to access it.…
To confirm this fact, let's hit the get all endpoint…of the API reservation controller.…As you can see, it gives us back a list of reservations…without us doing anything first to authenticate.…Back in the ReservationController,…let's add an authorize attribute…in front of the controller class.…Just like the other attributes…that we've used in this course,…we use the name of the attribute class…without the word attribute at the end…and we put it inside square brackets.…
Using this here will tell Web API…
AuthorJonathan "J." Tower
- Convention-based routing
- Binding your code to an HTTP request
- Validating models
- Using attributes to route requests
- Customizing attribute routes
- Data serialization and model binding
- Error handling
- Using exception filters and exception loggers
- API documentation and testing
- Securing your API
Skill Level Beginner
ASP.NET MVC: HTTP Request Life Cyclewith Janan Siam2h 15m Advanced
1. Controllers and Actions
3. Data Serialization and Model Binding
4. Error Handling
5. API Documentation and Testing
Next steps1m 38s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.