OData / WebApi

OData Web API: A server library built upon ODataLib and WebApi
https://docs.microsoft.com/odata
Other
857 stars 473 forks source link

Restrict Access to Metadata document #933

Open agrabhi opened 7 years ago

agrabhi commented 7 years ago

I want only the authorized users to access my services' metadata document (/$metadata).

I tried exposing a controller with route /$metadata, but that doesnt get called. How else this can be achieved?

xuzhg commented 7 years ago

@agrabhi would you please share us your repro project for us to investigate?

ysmoradi commented 7 years ago

Solutions: 1- Develop custom action filter and add it as a global action filter. 2- Develop custom Owin middleware and add it to pipeline before web API middleware. In both (middleware / action filter) you've access o request's path (/$metadata) and user.

agrabhi commented 7 years ago

@xuzhg @ysmoradi give me some time, I'll give the sample repro.