I am a little unsure of my actions. I started my first web API application. So I want to create an API where all functionality, including authorization, is included, and web and mobile applications which will work with my API. Something like that.

But I discovered a problem at the authorization step. I must handle many API response variations like 401 (Unauthorized), 200 (OK), etc. I get the response in JSON format. And every response has its own structure, and its structure changes in different cases. So that is the problem: I can mishandle something and crash my app. How can I avoid it? Maybe I misunderstand something. I will be grateful for any help.

I created the API on the ASP.NET Core framework.

Some response examples:

200 OK

{"result":{"succeeded":true,"isLockedOut":false,"isNotAllowed":false,"requiresTwoFactor":false},"token":"eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJuYW1laWQiOiI5YjkwZDFmZC1iMjQzLTRhMTEtYWQ3NS1iZWU0ZDJjNTJhNTEiLCJ1bmlxdWVfbmFtZSI6IkVlZm9zZmF0dXMxMzNAZ21haWwuY29tIiwibmJmIjoxNTkzOTU4MjM4LCJleHAiOjE1OTQwNDQ2MzgsImlhdCI6MTU5Mzk1ODIzOH0.AUjS7ocjp3Z_HuU1QqBPUG4NlNcRAihjOhbKBAC_6ecjjlZQM417M9KKGEk1uAr0yKFl9dcPNo04YPSKs-vJ7g"}

401 Unauthorized

{"type":"https://tools.ietf.org/html/rfc7235#section-3.1","title":"Unauthorized","status":401,"traceId":"|9ca7ae31-444c9220bfc1657b.1.88f5b6d2_"}

API action, for example:

public async Task<IActionResult> Login(LoginModel loginModel)
{
    if (ModelState.IsValid)
    {
        // Password sign-in; the last argument is lockoutOnFailure, passed as false here
        Microsoft.AspNetCore.Identity.SignInResult result = await _signInManager.PasswordSignInAsync
            (loginModel.Email, loginModel.Password, loginModel.RememberMe, false);

        if (result.Succeeded)
        {
            // The user name is the e-mail address in this setup
            User user = await _userManager.FindByNameAsync(loginModel.Email);
            ServiceResponse response = new ServiceResponse()
            {
                Result = result,
                Token = CreateToken(user)
            };
            return Ok(response);            // 200 with the JSON body shown above
        }
        else
        {
            return Unauthorized();          // 401; [ApiController] turns this into the ProblemDetails body shown above
        }
    }
    return NoContent();                     // 204 with no body when the model is invalid
}
  • Consider reading the OData specs. They are an example of a well-defined API framework that will handle MOST of your problems. Not saying you should go this way - but a lot of your question is "I am confused". Including thinking that stuff you handle once, centrally (authorization et al) is a serious coding problem. Or that the JSON format is - can you imagine I just finished a large Angular project where the UI people do not decide a single line of JSON? All models are generated from metadata and automatically generated by a tool. Commented Jul 5, 2020 at 16:44

1 Answer


You should create a model for your responses and return all of your responses in that structure.

Example:

public class ResponseModel
{
    public bool Succeeded { get; set; }
    
    public string Message { get; set; }
    
    public object Content { get; set; }
}

OK response structure:
{
    "succeeded" : true,
    "message" : "some-message",
    "content" : {
        "isLockedOut" : false,
        "isNotAllowed" : false,
        ...
        ..
    } 
}

Unauthorized response structure:
{
    "succeeded" : false,
    "message" : "some-message",
    "content" : {
        "title" : "unauthorized",
        "status" : "401",
        ...
        ...
    } 
}
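The envelope idea above carried through to a full ASP.NET Core login action, as an added example (not the asker's or the answerer's code). It makes every outcome of `Login` (200, 401 and the validation 400) come back in the same `ApiResponse<T>` shape, so the client parses one structure. The 401 body in the question (`type`, `title`, `status`, `traceId`) is the ProblemDetails that `[ApiController]` substitutes for a body-less `Unauthorized()`; returning `Unauthorized(object)` keeps your own body instead. Names such as `ApiResponse<T>`, `LoginResponse`, `AccountController`, the `Jwt:Key` configuration entry and the `LoginModel`/`User` types are assumptions; `User` is taken to be the app's `IdentityUser` subclass.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

// One envelope for every response: Succeeded and Message are always present,
// Content is the typed payload on success and null on failure.
public sealed class ApiResponse<T>
{
    public bool Succeeded { get; set; }
    public string Message { get; set; }
    public T Content { get; set; }

    public static ApiResponse<T> Ok(T content, string message = "OK") =>
        new ApiResponse<T> { Succeeded = true, Message = message, Content = content };

    public static ApiResponse<T> Fail(string message) =>
        new ApiResponse<T> { Succeeded = false, Message = message, Content = default };
}

public sealed class LoginResponse
{
    public string Token { get; set; }
    public DateTime ExpiresAtUtc { get; set; }
}

[ApiController]
[Route("api/[controller]")]
public class AccountController : ControllerBase
{
    private readonly SignInManager<User> _signInManager;   // User: assumed IdentityUser subclass
    private readonly IConfiguration _config;

    public AccountController(SignInManager<User> signInManager, IConfiguration config)
    {
        _signInManager = signInManager;
        _config = config;
    }

    [HttpPost("login")]
    public async Task<ActionResult<ApiResponse<LoginResponse>>> Login(LoginModel loginModel)
    {
        // lockoutOnFailure: true lets failed attempts count towards Identity's lockout
        // policy; the question passes false, which switches that protection off.
        var result = await _signInManager.PasswordSignInAsync(
            loginModel.Email, loginModel.Password, isPersistent: false, lockoutOnFailure: true);

        if (!result.Succeeded)
        {
            // Same status and same message whether the password was wrong, the account is
            // locked out or not allowed: an unauthenticated caller should not learn which.
            // Unauthorized(object) keeps this body; [ApiController] only rewrites a body-less
            // StatusCodeResult into ProblemDetails.
            return Unauthorized(ApiResponse<LoginResponse>.Fail("Invalid credentials."));
        }

        // As in the question, the user name is the e-mail address.
        var user = await _signInManager.UserManager.FindByNameAsync(loginModel.Email);
        var expires = DateTime.UtcNow.AddHours(1);
        var payload = new LoginResponse { Token = CreateToken(user, expires), ExpiresAtUtc = expires };
        return Ok(ApiResponse<LoginResponse>.Ok(payload));
    }

    // HS512, like the token in the question. "Jwt:Key" is an assumed config entry; it must be a
    // random secret of at least 64 bytes and must never be shipped to the web/mobile clients.
    private string CreateToken(User user, DateTime expires)
    {
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
        var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512);
        var token = new JwtSecurityToken(
            claims: new[]
            {
                new Claim(JwtRegisteredClaimNames.Sub, user.Id),
                new Claim(JwtRegisteredClaimNames.Email, user.Email),
            },
            notBefore: DateTime.UtcNow,
            expires: expires,
            signingCredentials: creds);
        return new JwtSecurityTokenHandler().WriteToken(token);
    }
}

// Call from Startup.ConfigureServices as services.AddControllers().UseEnvelopeForValidationErrors()
// so that automatic 400s for an invalid model use the envelope instead of ValidationProblemDetails.
public static class ApiBehaviour
{
    public static IMvcBuilder UseEnvelopeForValidationErrors(this IMvcBuilder builder) =>
        builder.ConfigureApiBehaviorOptions(options =>
        {
            options.InvalidModelStateResponseFactory = context =>
            {
                var errors = context.ModelState.Values
                    .SelectMany(v => v.Errors)
                    .Select(e => e.ErrorMessage);
                return new BadRequestObjectResult(
                    ApiResponse<object>.Fail(string.Join("; ", errors)));
            };
        });
}
```

Two caveats for the client side. A 401 on an `[Authorize]`-protected endpoint is written by the JWT bearer authentication middleware, not by a controller, so it arrives with an empty body and a `WWW-Authenticate` header; the client should branch on the HTTP status code first and only then try to deserialize the envelope, treating a body that does not parse as a failure rather than a crash. And avoid echoing `SignInResult` fields such as `isLockedOut` or `isNotAllowed` to a caller who has not authenticated, since they reveal account state.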