0
using System;
using System.ComponentModel.DataAnnotations;

public class BodyPhoto
{
    [Key]
    public int PhotoID { get; set; }

    // Foreign key to the owning user, with its navigation property
    public int UserID { get; set; }
    public virtual User User { get; set; }
    public DateTime Date { get; set; }
    public string PhotoSource { get; set; }

    public string MuscleGroup { get; set; }
}

I want to have a Web API for this. A user logs in to the website and has a unique UserID. The user does a POST with a BodyPhoto. How can I make sure I save the BodyPhoto with the correct UserID?

I am confused about how to implement this with ASP.NET Web API. Maybe with sessions and authentication filters.

2
  • You would initiate a post to the Web API from a page where you would typically have a hidden form control that contains the user ID. You would post that value with your other data so that it would be model bound and the Web API could access it. Commented Oct 17, 2013 at 12:53
  • Yes, but how do I make sure the client can't change the hidden value? Commented Oct 17, 2013 at 16:09

1 Answer

1

Similar to MVC, you can use the AuthorizeFilterAttribute to authenticate and authorise your API requests.

http://www.asp.net/web-api/overview/security/authentication-and-authorization-in-aspnet-web-api

Extend that attribute if you wish to implement your own membership/role provider.


2 Comments

Can you be more specific? I still don't understand how authentication works.
Have you done any reading whatsoever on Membership Providers?
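
An added example (not code from the question or the answer) of saving a BodyPhoto under the UserID of the authenticated caller instead of a client-supplied value. It assumes Entity Framework, a `User` entity with a `UserName` column matching the login name, and the hypothetical names `AppDbContext`, `BodyPhotoInput` and `BodyPhotosController`.

```csharp
using System;
using System.Data.Entity;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http;

// Assumed shape of the User entity and EF context (not shown in the question).
public class User { public int UserID { get; set; } public string UserName { get; set; } }
public class AppDbContext : DbContext
{
    public DbSet<User> Users { get; set; }
    public DbSet<BodyPhoto> BodyPhotos { get; set; } // BodyPhoto is the question's class
}

// Request body: no UserID field, so model binding cannot set the owner.
public class BodyPhotoInput
{
    public string PhotoSource { get; set; }
    public string MuscleGroup { get; set; }
}

[Authorize] // unauthenticated requests are rejected with 401 before Post runs
public class BodyPhotosController : ApiController
{
    private readonly AppDbContext db = new AppDbContext();

    public HttpResponseMessage Post(BodyPhotoInput input)
    {
        if (input == null || string.IsNullOrWhiteSpace(input.PhotoSource))
            return Request.CreateResponse(HttpStatusCode.BadRequest);

        // Owner comes from the authenticated principal, never from the request.
        string name = User.Identity.Name;
        var owner = db.Users.SingleOrDefault(u => u.UserName == name);
        if (owner == null)
            return Request.CreateResponse(HttpStatusCode.Forbidden);
        var photo = new BodyPhoto
        {
            UserID = owner.UserID,      // set server-side from the login
            Date = DateTime.UtcNow,     // set server-side as well
            PhotoSource = input.PhotoSource,
            MuscleGroup = input.MuscleGroup
        };
        db.BodyPhotos.Add(photo);
        db.SaveChanges();
        return Request.CreateResponse(HttpStatusCode.Created, photo.PhotoID);
    }
    protected override void Dispose(bool disposing) { if (disposing) db.Dispose(); base.Dispose(disposing); }
}
```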
