Migrating WCF Services to ASP.NET Web API - reuse ServiceAuthorizationManager?

Question

I am migrating some WCF services to Web API. Is is possible to reuse the ServiceAuthorizationManager or is it strictly for WCF?

Answer 1

Because ServiceauthorizationManager is member of System.ServiceModel namespace, it's a concept of WCF.

From the MSDN,

The ServiceAuthorizationManager is part of the WCF Identity Model infrastructure. The Identity Model enables you to create custom authorization policies and custom authorization schemes. For more information about how the Identity Model works, see Claims and Authorization.

Web API assumes that authentication happens in the host (IIS), which uses HTTP modules for authentication. Custom Authorization is achieved via custom Authorization Filters ( AuthorizeAttribute, AuthorizationFilterAttribute or IAuthorizationFilter). Take a look at asp.net web Api Security on asp.net