Authentication and Authorization in ASP.NET Web API using Custom Filters

  • Web API is a platform for building RESTful applications on DotNet Framework. 
  • These API’s can be consumed from Console, Windows, Web, Mobile Applications.
  • As Web API is a part of core ASP.NET, it can be created on either MVC applications, or any other web applications.
  • Web API’s uses all the HTTP features like Request and Response headers, caching and so on…
  • Web API’s can return the data in various formats like
    • string format
    • Json format
    • XML format
    • BSON format

Step 1: Create a  ASP.NET Web API application

Open Visual Studio –> File –> New –> Project –> choose template Web –> click on ASP.NET Web Application  and provide name of the application–> choose Web API from the below check boxes –> Click OK

Step 2: Create a Model and inherit GenericIdentity from Security.Principal assembly

File: UserModel.cs


Step 3: Now add a new class for Creating custom filter as MyAuthorization and inherit AuthorizationFilterAttribute and add the following assemblies MyAuthorization class.

File: MyAuthorization.cs


Step 4: Here is your CustomAuthorization Filter MyAutorization


Step 5: Now create an API Controller and add your custom filter. Here I’m adding for only one method for testing you can add it for the entire class or add it globally.

File: Global.asax 

Add the below line in Application_Start( ), this registers our custom Filter for the entire application.

 File: EmployeeAPIController.cs


Step 6: Now create your GUI and on a button click write a server side method. Form this method you can communicate with API. In my case I took a console application.

  1. If you run the web project you will get your local host URL, in my case it was http://localhost:58100/
  2. Here in the authorization Header I have added my username and password in the given format username:password and encoding it to Base64 so that it provides security.
  3. If you don’t pass valid credentials from here, in the method OnAuthorization it should add Unauthorized Response.


Step 7: Create console / windows/ web application to consume the API

Here I’ve created Console application.

File: Program.cs

  • Here HTTPClient is used to consume RESTful API’s.
  • And then creating the Authorization header to pass the username and password in format (username: password).
  • client.GetAsync consumes the API and returns the Result.
  • From the result we can check the Status Code.


8 thoughts to “Authentication and Authorization in ASP.NET Web API using Custom Filters”

  1. I often visit your blog and have noticed that you don’t update it often.
    More frequent updates will give your website higher rank & authority in google.
    I know that writing content takes a lot of time, but you can always help yourself with miftolo’s tools which will shorten the time of
    creating an article to a couple of seconds.

  2. Do you have a spam problem on this site; I also am a blogger,
    and I was wondering your situation; many of us have created some nice methods and we are looking to swap solutions with others, be sure to shoot me an e-mail if

  3. Hey! This post couldn’t be written any better! Reading through this post reminds
    me of my old room mate! He always kept talking about this.

    I will forward this page to him. Fairly certain he will have
    a good read. Many thanks for sharing!

  4. I can see that your website probably doesn’t have
    much traffic. Your articles are awesome, you only need more new readers.
    I know a method that can cause a viral effect on your website.
    Search in google: dracko’s tricks make your content go

  5. Hello buddy. It was hard to find this site in google.
    It’s not even in top10. You should focus on hq backlinks from high authority sites in your niche.
    I know of a very effective free method to get high quality backlinks and instant traffic.
    The best thing about this method is that you start getting clicks right
    away. For more info search in google for: masitsu’s tricks

Leave a Reply

Your email address will not be published. Required fields are marked *