Authorising user access to API resource
How can I authorise user access to API resources? I can't access the request context in my ASP Controller methods
5 Replies
how did you try to access to your context?
it's clearly possible
the general way you go around this, and let me say it again, this is the general way, there are others
but you have a site, with user/password/2fac whatever
and the user can create api keys for you /api
then you validate the api key and authorize the request and serve whatever is assked within authorization scope
the api key can go in headers or in the address
you will see both, in a lot of api's
it can also go in the body but that's not that popular afaik
I've seen in headers or in query param most of the time
yes
I want the token to be inside the headers. But do I use DI to get the request context to my controller?
I realised the base ControllerBase has all the information I need about the request