V23.2

Authenticate and Authorize Web API Endpoints


The Web API supports all standard ASP.NET Core authentication techniques that you can specify in the MySolution.WebApi\Startup.cs (MySolution.Blazor.Server\Startup.cs) file. See the following topic for more information: Authentication.

If you use the Solution Wizard to create a Web API project, enable authentication on the Choose Security page:


  • Standard Authentication: The wizard generates JWT authentication scaffolding code for the Web API.
  • OAuth2 Authentication: The wizard adds the JWT and Azure AD scaffolding code to the MySolution.WebApi\appsettings.json file.
  • Windows Active Directory: The wizard adds the JWT scaffolding code to the MySolution.WebApi\appsettings.json file and the scaffolding code for Windows Active Directory to the MySolution.WebApi\Properties\launchSettings.json file.
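The following Startup.cs sketch is an added example, not the code the wizard generates: it shows JWT bearer validation with stock ASP.NET Core APIs and a deny-by-default fallback policy. The `Authentication:Jwt:*` configuration key names are assumptions, and the XAF-specific service registrations are omitted.

```csharp
// Added example: stock ASP.NET Core JWT setup, not the wizard's scaffolding.
using System;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup {
    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services) {
        // Assumed key names. Load the signing key from user secrets or a vault, not source control.
        string key = Configuration["Authentication:Jwt:IssuerSigningKey"];
        if (string.IsNullOrEmpty(key) || Encoding.UTF8.GetByteCount(key) < 32)
            throw new InvalidOperationException("JWT signing key is missing or shorter than 256 bits.");

        services.AddControllers();
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options => {
                options.TokenValidationParameters = new TokenValidationParameters {
                    ValidateIssuer = true,
                    ValidIssuer = Configuration["Authentication:Jwt:Issuer"],
                    ValidateAudience = true,
                    ValidAudience = Configuration["Authentication:Jwt:Audience"],
                    ValidateLifetime = true,                 // reject expired tokens
                    ClockSkew = TimeSpan.FromMinutes(1),     // default is 5 minutes
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key))
                };
            });
        services.AddAuthorization(options => {
            // Deny by default: endpoints without [Authorize] or [AllowAnonymous] still require a valid token.
            options.FallbackPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme)
                .RequireAuthenticatedUser()
                .Build();
        });
    }

    public void Configure(IApplicationBuilder app) {
        app.UseRouting();
        app.UseAuthentication();   // must run before UseAuthorization
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}
```

Authentication only establishes who the caller is; access to business object data is still governed by the Security System permissions described in the next section.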

See the following topics for information on how to configure the authentication scaffolding code and manually enable authentication:

Configure Authorization for Endpoints or Protect Business Object Data

You must define Security System permissions for business objects and properties you want to expose through a Web API Service (both built-in and custom endpoints). We do not recommend that you expose business object data to all users without security protection.

You can configure permissions using one of the following methods:

  • In the code of the ModuleUpdater class (look for the Updater.cs file; its location depends on your project configuration).
  • In the administrative UI powered by XAF Blazor/WinForms (this feature requires the Universal license).

For more information, refer to the following concepts and examples:
