Sample codes for dotNet 4.5 show how to insert a delegating handling for webAPI controllers into webAPi projects. FUrthermore, the handler then validateds the token, inducing appropriate http errors when things go wrong at the guard.
because our projects uses lots of WIF, we cannot move to dotNet 4.5 – and thus cannot use the sample code (or the JWT securitytokenhandler). So, we have to approximate the right way of doing things (for now). Our delegating handler thus far looks like this – and at least it compiles, and guards Just the webAPI calls (in our web forms project);
Obviously, now one adds a roll your own token validation routine….
but at least we have a basic guard, without having to insert a IIS handler.
Note, Ive absolutely no idea what I’m really doing with parallel tasks, the APIs, etc. So there may be lots of better ways of doing what is shown.