Can anyone please tell me I have MVC 5(C#) API controller, I want access API data using PHP application with user authentication. (without user authentication my PHP code will work). I have already created user model and add top for the C# MVC Controller '[Authorize(Roles = "User")]' . I have already tested this user name & password it is working.
When I add these details with my PHP code, it did not work for me. It say "{"Message":"Authorization has been denied for this request."}" Could you please tell me, why was not working, also If not good my solution, please tell me best solution.
C# MVC Controller
[Authorize(Roles = "User")]
public class HolidayController : ApiController
{
return "value";
}
HTML
<form method="post" action="index.php" enctype="multipart/form-data">
Enter your Postcode:
<input type="text" name="search" id="txtSearch" value="" >
<input name="submit" type="submit" value="Search"/><br />
</form>
PHP Code
if(isset($_POST['submit']))
{
// Checking null values in message.
$value = $_POST['search'];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://www.myname.com/api/Holiday?pcode='.$value.'');
curl_setopt($ch, CURLOPT_POST, 1);// set post data to true
curl_setopt($ch, CURLOPT_POSTFIELDS,'Email=name&Password=123456'); // post data
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$json = curl_exec($ch);
$result = curl_exec($ch);
print_r($result);
$Locations = json_decode($json);
curl_close ($ch);
foreach($Locations as $location)
{ echo $location->SubName. }
}
?>
It will print {"Message":"Authorization has been denied for this request."}
Using the tag [Authorize(Roles = "User")] is only going to allow validated windows user to to hit that url. You should look into inheriting the AuthorizeAttribute class. Here is a good example of one implementation http://www.diaryofaninja.com/blog/2011/07/24/writing-your-own-custom-aspnet-mvc-authorize-attributes. You are going to want to change the AuthorizeCore function to check validate your email and password fields instead of using HttpContextBase.User to validate the request.
If you want a simple solution and you don't have problem with security, you could use [AllowAnonymous] instead of [Authorize(Roles = "User")] also if you are returning a JSon you must add the allowget option
public class HolidayController : ApiController
{
[AllowAnonymous]
public ActionResult YourMethod()
{
return Json(data, JsonRequestBehavior.AllowGet);
}
}
Hope this helps
I think you are using a RestFul service, if it's true you need to check if HTTP Basic is allowed, following this steps:
So, if it works you'll need add a HTTP basic authentication information in your request header.
Thing as: curl_setopt($process, CURLOPT_USERPWD, $username . ":" . $password);
Please see: How do I make a request using HTTP basic authentication with PHP curl?