ASP.NET Web API Authentication and Validation

Question

I use ASP.NET Web API and use Authentication by reference to http://stevescodingblog.co.uk/basic-authentication-with-asp-net-webapi/

It works well.If the request which has not Authorization header, response HttpStatusCode is "Unauthorized".

But when some json data send from clientside which has some incorrect column, response HttpStatusCode is "Internal Server Error" though the request has not Authorization header.

[BasicAuthentication]
public HttpResponseMessage Create(Customer customer)
{
  // 
}
public class Customer{
  public int id{set;get;}
  public string name{set;get;}    
}

For example, send POST method to /Create, Content-Type is application/json, and Request Body { "id": "abc", "name": "someone" }(id is wrong:not int but string) and don't have Authorization header. Response HttpStatusCode is "Internal Server Error" not "Unauthorized".

Maybe creating customer instance is earlier than Authorization. Do you know to change Authorization first?

smlync smlync · Accepted Answer · 2012-08-31T14:59:26

If you've created your BasicAuthenthication attribute as an ActionFilterAttribute, you can try changing it to a AuthorizationFilterAttribute. OnActionExecuting will then change to OnAuthorization. I think most of the rest of it should be fairly similar.

ASP.NET Web API Authentication and Validation

1 Answers