Img_0738_large

Kevin Rich

Restricting Access to Routes without [Authorize] Filter

Locking down Swagger, Elmah, and other "magic" endpoints

Create a Delegating Handler

In this example, I want to lock down the \swagger endpoint from an ASP.NET 4.6.1 MVC web application.

 public class SwaggerAccessMessageHandler : DelegatingHandler { protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { if (IsSwagger(request) . . .

Read More

December 05, 2016

Adding User Claims via API keys in WebApi 2

Adding a Custom Authentication Filter

Scenario

I have an API that I wish to lock down via an API key the user will embed in the request header. We will accomplish this using the WebApi.AuthenticationFilter NuGet package to create a custom AuthenticationFilterAttribute which will check the incoming request header for an "api-key" key and related value.

Project . . .

Read More

July 19, 2016

Archive

Cover image credit: http://whoiskevinrich.com