Authenticate and Authorize Web API Endpoints
The Web API supports all standard ASP.NET Core authentication techniques that you can specify in the MySolution.WebApi\Startup.cs (MySolution.Blazor.Server\Startup.cs) file. See the following topic for more information: Authentication.
If you use the Solution Wizard to create a Web API project, enable authentication on the Choose Security page:
- Standard Authentication
  - The wizard generates JWT authentication scaffolding code for the Web API.
- OAuth2 Authentication
  - The wizard adds the JWT and Azure AD scaffolding code to the MySolution.WebApi\appsettings.json file.
- Windows Active Directory
  - The wizard adds the JWT scaffolding code to the MySolution.WebApi\appsettings.json file and the scaffolding code for Windows Active Directory to the MySolution.WebApi\Properties\launchSettings.json file.
See the following topics for information on how to configure the authentication scaffolding code and manually enable authentication:
Configure Authorization for Endpoints or Protect Business Object Data
You must define Security System permissions for business objects and properties you want to expose through a Web API Service (both built-in and custom endpoints). We do not recommend that you expose business object data to all users without security protection.
You can configure permissions using one of the following methods:
- In the code of the ModuleUpdater class (look for the Updater.cs file; its location depends on your project configuration).
- In the administrative UI powered by XAF Blazor/WinForms (this feature requires the Universal license).
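The first method, shown as an added example (not DevExpress scaffolding code): a ModuleUpdater that creates a deny-by-default role with read-only access to one business object and no access to a sensitive property. The `Employee` class, its `Salary` property and the `ApiReader` role name are hypothetical, and an EF Core project is assumed.

```csharp
// Added example, not wizard output. Assumes an EF Core XAF project.
// Employee, Salary and the "ApiReader" role name are hypothetical.
using System;
using DevExpress.ExpressApp;
using DevExpress.ExpressApp.Security;
using DevExpress.ExpressApp.Updating;
using DevExpress.Persistent.Base;
using DevExpress.Persistent.BaseImpl.EF;
using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;

// Hypothetical business object exposed through a Web API endpoint.
public class Employee : BaseObject {
    public virtual string FullName { get; set; }
    public virtual decimal Salary { get; set; }
}

public class Updater : ModuleUpdater {
    public Updater(IObjectSpace objectSpace, Version currentDBVersion)
        : base(objectSpace, currentDBVersion) { }

    public override void UpdateDatabaseAfterUpdateSchema() {
        base.UpdateDatabaseAfterUpdateSchema();

        // Create the role once; later runs keep changes made by administrators.
        var role = ObjectSpace.FirstOrDefault<PermissionPolicyRole>(
            r => r.Name == "ApiReader");
        if (role == null) {
            role = ObjectSpace.CreateObject<PermissionPolicyRole>();
            role.Name = "ApiReader";

            // Deny by default: a type stays inaccessible until a permission allows it.
            role.PermissionPolicy = SecurityPermissionPolicy.DenyAllByDefault;

            // Allow Read only on Employee and its descendants.
            // Write, Create and Delete remain denied by the role policy.
            role.AddTypePermissionsRecursively<Employee>(
                SecurityOperations.Read, SecurityPermissionState.Allow);

            // Deny Read on the sensitive member even though the type is readable.
            role.AddMemberPermission<Employee>(
                SecurityOperations.Read, nameof(Employee.Salary),
                null, SecurityPermissionState.Deny);
        }
        ObjectSpace.CommitChanges();
    }
}
```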
For more information, refer to the following concepts and examples:
- Create Predefined Users, Roles and Permissions in the Database
- How to restrict inter-departmental data access using Security Permissions (EF Core)