System.Web.Http.Authorize versus System.Web.Mvc.Authorize
asp.netasp.net Mvcasp.net Web-Apiasp.net Problem Overview
Which Authorize Attribute ?
System.Web.Http.Authorize
System.Web.Mvc.Authorize
using System.Web.Mvc // or
using System.Web.Http
A typical controller
[Authorize]
public class SomeController : Controller
We have controllers Annotated with [Authorize]
I just noticed that due to using namespaces the annotations technically refer to different attribute classes.
The project contains MVC controllers and WEBAPI controllers.
Which one should I use and why ? What issues might we have if I dont fix this ?
asp.net Solutions
Solution 1 - asp.net
You must use System.Web.Http.Authorize
against an ApiController
(Web API controller) and System.Web.Mvc.Authorize
against a Controller
(MVC controller). Since the framework runs the filters as part of the pipeline processing and the controllers expect the right filter to be applied, if you don't use the corresponding filter, authorization will not work.