This is where security comes in, namely, authentication. As discussed in Chapter 3, User Registration and Administration, basic authentication can be applied with the help of handlers, or bearer authentication can be applied with the help of tokens.
First, let's generate CartsController using the same steps as before. This time we apply the [Authorize] attribute to the controller class itself, so that every action method in the cart API requires an authenticated caller. Our app is already set up to handle bearer authentication, so no further middleware configuration is needed.
The following is a code snapshot of CartsController:
using Microsoft.AspNetCore.Authorization;   // [Authorize]
using Microsoft.AspNetCore.Mvc;             // [Produces], [Route], Controller
[Produces("application/json")]
[Route("api/Carts")]
[Authorize]
public class CartsController : Controller
{
}   // action methods (GET, POST, PUT, DELETE) are added below
Because of the [Authorize] attribute, this controller won't let you reach any of its GET, POST, PUT, and DELETE action methods unless the request carries a valid access token in the Authorization header; otherwise the framework short-circuits the request with a 401 Unauthorized response. Keep in mind that [Authorize] on its own only proves that the caller is authenticated; it does not check that the cart being read or modified belongs to that caller, so each action must still compare the cart's owner with the identity in the token.
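The following is an added example, not code from the book or from its sample project, showing how the controller above can be fleshed out so that bearer authentication and the per-caller ownership check work together. The Cart model, the ICartRepository abstraction, and the way the caller's id is read from the token's subject claim are assumptions made for the illustration.

```csharp
// Added example (not the book's code): a CartsController that requires a
// bearer token for every action and also checks that the requested cart
// belongs to the caller. ICartRepository, Cart and the claim lookup are
// assumptions for this illustration.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

[Produces("application/json")]
[Route("api/Carts")]
// Naming the scheme explicitly avoids surprises when cookie and bearer
// authentication are both registered (the default scheme might be cookies).
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
public class CartsController : Controller
{
    private readonly ICartRepository _carts;   // assumed repository abstraction

    public CartsController(ICartRepository carts)
    {
        _carts = carts;
    }

    // Identity of the caller, taken from the validated token. The JWT handler
    // maps the "sub" claim to NameIdentifier by default; the fallback covers
    // setups where inbound claim mapping has been switched off.
    private string CallerId =>
        User.FindFirst(ClaimTypes.NameIdentifier)?.Value
        ?? User.FindFirst("sub")?.Value;

    // GET api/Carts/{id}
    [HttpGet("{id}")]
    public IActionResult Get(string id)
    {
        var cart = _carts.Find(id);

        // [Authorize] only proves the caller has a valid token; it does not
        // prove this cart is theirs. Returning 404 for another user's cart
        // (instead of 403) avoids confirming that the id exists.
        if (cart == null || cart.OwnerId != CallerId)
            return NotFound();

        return Ok(cart);
    }

    // POST api/Carts
    [HttpPost]
    public IActionResult Post([FromBody] Cart cart)
    {
        if (cart == null || !ModelState.IsValid)
            return BadRequest(ModelState);

        // Never trust an owner id supplied in the request body; stamp it
        // from the authenticated identity instead.
        cart.OwnerId = CallerId;
        _carts.Add(cart);
        return CreatedAtAction(nameof(Get), new { id = cart.Id }, cart);
    }
}

// Assumed minimal model and repository contract used by the controller above.
public class Cart
{
    public string Id { get; set; }
    public string OwnerId { get; set; }
}

public interface ICartRepository
{
    Cart Find(string id);
    void Add(Cart cart);
}
```

A request without an Authorization: Bearer header never reaches the action methods (401 from the middleware); a request with a valid token for one user who asks for another user's cart id gets a 404 from the ownership check in Get, which is the part [Authorize] alone does not give you.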
Let's start designing some cart-related functions on the client side and try to call the action methods in this controller, as shown in the following screenshot: