public class GetDealerByNameController : ApiController
{
    [HttpGet("{name}")]
    public IActionResult Get([FromRoute] string name)
    {
        string tsql = "SELECT * FROM Dealer WHERE dealercode = '" + AdjustSql(name) + "'";
        var rs = ExecuteRow(tsql);
        return Json(rs); // Get the value from route
    }
}

The above action does not require a user name and password or JWT token to access the data. How do we authenticate and authorize custom actions?
Try adding:

if (ValidApiRequest()) {
    //… process API request
} else {
    return new JsonBoolResult(new { success = false, error = "user not logged in" }, false);
}
Thank you Michael,
ValidApiRequest returns true always regardless of the security. So it produces the same results.
Kind regards
Change to:
if (ValidApiRequest() && Security.IsLoggedIn) {
Thanks Michael, that seems to have fixed the issue.
Kind regards
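
The controller from the first post with the check from the last reply applied, as an added example that is not part of any post in this thread. It assumes the code sits in the generated project, where ApiController, ValidApiRequest, Security, AdjustSql, ExecuteRow and JsonBoolResult (all named in the thread) are in scope; IsAuthenticatedApiRequest is a hypothetical helper introduced here.

```csharp
using Microsoft.AspNetCore.Mvc;

// Assumption: compiled inside the generated project, which supplies ApiController,
// ValidApiRequest, Security, AdjustSql, ExecuteRow and JsonBoolResult.
public class GetDealerByNameController : ApiController
{
    // Hypothetical helper (not from the thread): one place for the check, so that
    // every custom action in this controller applies the same rule.
    private bool IsAuthenticatedApiRequest()
    {
        // Per the thread, ValidApiRequest() alone returned true without a login,
        // so the logged-in state is required as well.
        return ValidApiRequest() && Security.IsLoggedIn;
    }

    [HttpGet("{name}")]
    public IActionResult Get([FromRoute] string name)
    {
        // Fail closed: reject the request before any SQL is built or executed.
        if (!IsAuthenticatedApiRequest())
        {
            return new JsonBoolResult(new { success = false, error = "user not logged in" }, false);
        }

        // Same query as the original post; name comes from the route.
        string tsql = "SELECT * FROM Dealer WHERE dealercode = '" + AdjustSql(name) + "'";
        var rs = ExecuteRow(tsql);
        return Json(rs);
    }
}
```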