Multiple C# WebAPI API routes - restrict API method to one of the routes

Question

I have multiple routes for my API like

config.Routes.MapHttpRoute(
    name: "DefaultApi",
    routeTemplate: "api/{token}/{controller}/{action}",
    defaults: null,
    constraints: null,
    handler: HttpClientFactory.CreatePipeline(
                new HttpControllerDispatcher(config),
                new DelegatingHandler[] { new ApiTokenValidator() })
);
config.Routes.MapHttpRoute(
    name: "LoginApi",
    routeTemplate: "api/{controller}/{action}",
    defaults: null,
    constraints: null,
    handler: HttpClientFactory.CreatePipeline(
                new HttpControllerDispatcher(config),
                new DelegatingHandler[] { new ApiLoginHandler() })
);

How can I make sure that a method in my APIController only can be used by for example the LoginApi route/handler?

Specify it in constraints, or use attribute routing. That's what you need? — Uriil, Jun 05 '15 at 13:48
The order you create mappings matters. You should have your "DefaultApi" as the last defined mapping. — Padraic, Jun 05 '15 at 15:09
@Uriil how would you use that in my case where I want to restrict a method for only one of the mappings? — Jacob, Jun 08 '15 at 09:34

score 1 · Accepted Answer · answered Jun 16 '15 at 07:06

Like Uriil commented on the question, the answer is to use attribute routing.

As of http://www.asp.net/web-api/overview/web-api-routing-and-actions/attribute-routing-in-web-api-2#add-routes

In my Example I use it like this to restrict the AddUser method to only be used with the wordpress api

[Route("api/wordpress/shared/AddUser")]
[HttpPost]
public Object AddUser(string username)
{
}

Multiple C# WebAPI API routes - restrict API method to one of the routes

1 Answers1