Authenticating each request

Topics: Web Api
Nov 21, 2011 at 5:02 PM

I'm trying to authenticate each web method request. Right now in every method I call a function:

public static bool Authenticate(int userId, string guid)
        {
            //if debug mode, authenticate no matter what so we don't have to pass authuserid and authguid into every method while testing.
            #if DEBUG
                return true;
            #else
                var user = LeapFrogUserData.Find(userId, guid);
                if (user == null)
                    throw new HttpResponseException(String.Format("Invalid authentication! User id: {0} and guid: {1}", userId, guid));
                return true;
            #endif
        }
Obviously I'd rather call this globally. Not every single web method needs to be authenticated, only certain ones, so I need to be able to specify an authorize attribute on the web methods to be validated. How would I go about doing this? I looked into the RequestHandlers and MessageHandlers but couldn't figure it out. I also tried overriding the ASP.NET MVC Authorize attribute but that didn't work either.