I'm designing a RESTful API for school. After looking through the documentation it doesn't look like I do authentication through the RESTful API, it has to be done on the front end and then check against my API. Is this correct? Or am I reading the documentation wrong?
Total noob trying to build this super fast because my team is relying on me. Any help would be appreciated.
Authentication is the responsibility of the host i.e. IIS for example. Web API can participate by requiring that only authenticated users can access either;
- all controllers
- a specific controller or;
- a specific action inside a controller;
by applying the [Authorize] attribute appropriately. If no specific user/users OR role/roles have been specified in the [Authorize] attribute, all authenticated users will be allowed access else, only the specified ones.
Hope this helps.