0

I'm building a WebApi application which needs to authenticate for every request by validating credentials from the HTTP header sent.

I was hoping to use an HttpModule for this, but when I debug, the module is only hit when I start the app. I can actively fire requests at a controller action and it will never hit the HttpModule (and thus never check credentials).

I've activated the HttpModule in the web.config like so: 

<system.webServer>
    <modules>
      <add name="BasicAuthHttpModule" type="MyAssembly.Modules.BasicAuthHttpModule"/>
    </modules>

Why does the module not run when I call the controller - is this method not appropriate for authenticated WebApi apps? I can't use IIS authentication in my case.

Improve this question

1 Answer 1

Reset to default
1

If your goal is to ensure every single incoming Http request has the appropriate BasicAuth headers, try adding the runAllManagedModulesForAllRequests attribute to the module in your config file:

<modules runAllManagedModulesForAllRequests="true">
  <add name="BasicAuthHttpModule" type="MyAssembly.Modules.BasicAuthHttpModule"/>
</modules>

A more appropriate solution would be to use an Action Filter for authorization:

http://www.ryadel.com/en/http-basic-authentication-asp-net-mvc-using-custom-actionfilter/

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.