How to authorize my Web API Service?

Question

I have download a project from the ASP.NET site: http://www.asp.net/web-api/overview/getting-started-with-aspnet-web-api/tutorial-your-first-web-api

In which, The service should be available only for what are the user names mentioned in the Authorize annotation like following.

[Authorize(Users="Alice,Bob")]

So If the user name is other than the 'Alice and Bob', then only it shows Unauthorized user message. I added the above given annotation to my controller and tried the url but it shows Unauthorized user message always.So how to secure my Web API ?. please anybody give some example code for authorize my web api service.

Answer 1

根据您遵循的说明，没有名为Alice，Bob的用户，或者您没有以他们的身份登录（前提是您已正确遵循所有其他说明）在您发布的同一网站上遵循以下准则： 身份验证和授权ASP.NET Web API中的 安全使用ASP.NET Web API 2.2中的个人帐户和本地登录来保护Web API

Answer 2

Check this it's a great series of blog posts to implement Authorization using Json Web Token. It's a bit complex but a complete tutorial and JWT ofc has many benefits

http://bitoftech.net/2015/01/21/asp-net-identity-2-with-asp-net-web-api-2-accounts-management/