I'm trying to use Azure Active Directory Library to implement authentication between a Web Application and an OData V4 WebApi. I'm using SQL to authenticate the user, so I don't need to authenticate them using AADL, just authenticate the application. I saw several demos on the internet but none of them do this kind of thing. The major problem is that my Web Application is using the OData Client Generator, so I don't need to open an HttpClient request to call my API; I just use the context to do it. Considering this scenario, how can I protect my OData API to be used only by my web application? Here are some examples of my code.
One of my OData controllers:
using System.Data.Entity.Infrastructure;
using System.Linq;
using System.Threading.Tasks;
using System.Web.Http;
using System.Web.OData;
using VPNUX.Model;

namespace VPNUX.API.Controllers
{
    public class EstadosController : ODataController
    {
        private readonly DB_VPNUX _db = new DB_VPNUX();

        [EnableQuery]
        public IHttpActionResult GetEstados()
        {
            return Ok(_db.ESTADOS);
        }
    }
}
This is the way that I call this controller in my web application:
public ApiContext ApiContext = new ApiContext(new Uri(ConfigurationManager.AppSettings["ApiUrl"]));

_consultaViewData.PacienteViewData.Estados =
    ApiContext.Estados
        .Select(estado => new ListItem(estado.NOME, estado.ID))
        .ToList();
And everything comes directly from my OData Client .cs file.
This is the first time that I'm using OData, which works great, but I need to protect my API.
Thanks
To use basic authentication in OData Client, you can set credential in DataServiceContext by
Or you can set headers by using DataServiceContext.SendingRequest2.
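The header approach from the answer above, shown with a Web API message handler that checks the same header on the OData side. This is an added example, not code from the question or the answer. The appSettings keys ApiUser and ApiPassword and the names ApiCredential, ApiContextFactory and BasicAuthHandler are assumptions, and ApiContext is assumed to be the context generated by the OData client generator.

```csharp
// Added example, not the poster's code; "ApiUser"/"ApiPassword" are hypothetical appSettings keys.
using System;
using System.Configuration;
using System.Net;
using System.Net.Http;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
public static class ApiCredential   // needed in both projects, each reading its own config
{
    // Base64("user:password"), the parameter of the Basic scheme (RFC 7617).
    public static string Encoded() => Convert.ToBase64String(Encoding.UTF8.GetBytes(
        ConfigurationManager.AppSettings["ApiUser"] + ":" + ConfigurationManager.AppSettings["ApiPassword"]));
}

// Web application: every request the generated context sends carries the header.
public static class ApiContextFactory
{
    public static ApiContext Create()
    {
        var context = new ApiContext(new Uri(ConfigurationManager.AppSettings["ApiUrl"]));
        context.SendingRequest2 += (sender, e) =>
            e.RequestMessage.SetHeader("Authorization", "Basic " + ApiCredential.Encoded());
        return context;
    }
}

// API project: register in WebApiConfig with config.MessageHandlers.Add(new BasicAuthHandler()).
public class BasicAuthHandler : DelegatingHandler
{
    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        var auth = request.Headers.Authorization;
        if (auth != null && string.Equals(auth.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
            && SameValue(auth.Parameter ?? "", ApiCredential.Encoded()))
            return base.SendAsync(request, cancellationToken);
        // Missing or wrong credential: answer 401 before any controller or query runs.
        var denied = new HttpResponseMessage(HttpStatusCode.Unauthorized) { RequestMessage = request };
        denied.Headers.Add("WWW-Authenticate", "Basic");
        return Task.FromResult(denied);
    }
    // No early exit: timing does not reveal how much of the credential matched.
    private static bool SameValue(string presented, string expected)
    {
        int diff = presented.Length ^ expected.Length;
        for (int i = 0; i < presented.Length; i++) diff |= presented[i] ^ expected[i % expected.Length];
        return diff == 0;
    }
}
```

Basic credentials are only Base64-encoded, so the web application and the API need to talk over HTTPS.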