I have a web api with four controllers.From the four controllers,i need to give a user access to only that one controller but ensure other users are able to access the remaining controllers.
I have used [ApiExplorerSettings(IgnoreApi = true)] attribute but wanted to have a better way to manage the controllers dynamically.The web api is accessed by two different users and i want one of the users to access only a certain controller only.Any idea how to do this?
You can specify users and roles in the Authorize
attribute on your controllers and actions. For example:
// Restrict by user:
[Authorize(Users="Alice,Bob")]
public class ValuesController : ApiController
{
}
// Restrict by role:
[Authorize(Roles="Administrators")]
public class ValuesController : ApiController
{
}
These can be places at the class level or at the action method level.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.