If you make a request to a REST service and are not logged in, by default ASP .NET 5 Identity returns a 302 Redirect to login page. This is great if you are visiting the URL of a controller directly. If you make an Ajax request to a specific REST API and are not logged in however, you are also redirected to the login page and instead of the content of the API you will get the content of the login page itself. Probably without even noticing it right away.
So in instance of API calls I would prefer a 401 Unauthorized status code, e.g. $http requests using AngularJS. Here only the Ajax call itself gets redirected, but the URL of the browser remains the same. This means you won’t see that there is an “authentication problem” and you are not redirected to the login page.
In this article I will demonstrate how to restrict controller access to users that have already logged in. In the second part I will show how to do authentication using a REST Controller.
In order to restrict access to a Controller you only have to add the Authorize Attribute to Controller as shown below.
After adding this Attribute all consumers of this REST service that are not logged in will get a status code 302 redirect to the default login location. I will demonstrate how this location and behavior can be modified in a future article.
With ASP .NET 5 MVC 6 you do not have to rely on external Dependency Injection (DI) libraries any more. It comes with it’s on onboard DI. I will now demonstrate how to set up Dependency Injection for using Entity Framework 7 DbContexts within Controllers.
For simplicity of this example I will not create a separate interface for my DbContext or implement a repository pattern for accessing the database. In bigger projects, I strongly recommend to do so, however. If you want to keep it simple like me you can directly register the DbContext for later on injection into Controllers in the class Startup.cs.
In previous to 7 versions of the Entity Framework all Entity Framework related commands could be executed within Visual Studio. Now you have to use the new ASP .NET 5 dnx command instead.
DbContext Model Migration from Entity Framework 6
In order to migrate my model from Entity Framework 6 to Entity Framework 7, I did not want to manually adjust my old DbContext for Entity Framework 7. Instead I used scaffolding from my existing database to create a completely new model. This minimizes the risk of introducing errors in the new model. After I generated the model, I deleted the previous Migration History table in the database. This might not be suitable for everyone, but I wanted to make a clean cut after transitioning to EF 7.
In order to scaffold a DBContext from an existing database, you first have to set up dnx ef. If you have not done so already, please read the 2 previous blog entries about ASP .NET 5.
Adding Entity Framework 7 Packages to ASP .NET Project
Older versions of the Entity Framework need a full .NET runtime in order to work. If at some point you want to use the new .NET 5 Core e.g. to run your application on Linux etc., you should use Entity Framework 7.