Will the OnAuthorization Method of AuthorizationFilterAttribute be executed every time a request comes in?
I am writing a Web API (v2.2) to access another REST API. The reason is that I want to restrict some functionality and provide more user-friendly data. In short, I am writing a wrapper for some REST API. I provide authentication / authorization through my implementation AuthorizationFilterAttribute
. Here's a snippet of code:
public override void OnAuthorization(HttpActionContext actionContext)
{
var authorizeHeader = actionContext.Request.Headers.Authorization;
if (authorizeHeader != null
&& authorizeHeader.Scheme.Equals("basic", StringComparison.OrdinalIgnoreCase)
&& String.IsNullOrEmpty(authorizeHeader.Parameter) == false)
{
// Code to test is username/password correct for second API
// Trying to get some recourse with provided credentials
// ...
}
}
Now I want to understand if I have set an action attribute
for a controller like:
[HttpGet]
[Route("{taskId}/{dispatchId}")]
[SecureResourceAttribute] // This is my attribute
public IHttpActionResult GetDispatch(string taskId, string dispatchId)
Every time I request this action, OnAuthorization
will the method be executed? Does it install anywhere that client is already allowed? If not, how can I get it to keep the client already logged in?
Thank you for your time.
source to share
Q: Will OnAuthorization be called on every call?
A: If the controller is decorated with the [Authorize] attribute, yes.
Q: does it store this client somewhere already authorized?
A: No. The service has no status by default.
Q: If not, how can I get it to keep this client already authorized?
A: This again refers to the fact that the WEB API service is stateless and there is no relationship between the various requests that come in.
source to share