Web API assumes that authentication happens in the host. For web-hosting, the host is IIS, which uses HTTP modules for authentication. You can configure your project to use any of the authentication modules built in to IIS or ASP.NET, or write your own HTTP module to perform custom authentication.
In Web API, authentication filters implement the System.Web.Http.Filters.IAuthenticationFilter interface. They should also inherit from System.Attribute, in order to be applied as attributes.
The IAuthenticationFilter interface has two methods:
- AuthenticateAsync authenticates the request by validating credentials in the request, if present.
- ChallengeAsync adds an authentication challenge to the HTTP response, if needed.
Continue reading “Authentication and Authorization in ASP.Net Web API”