I\'ve been looking at the code (in https://github.com/patelsan/WebAPIAuthentication) from this article: http://www.codeproject.com/Articles/630986/Cross-Platform-Authenticat
In this special case, the default Http Verb is POST. In other scenarios, the default verb depends on the name of the action and other factors. Below is the algorithm quoted from asp.net:
HTTP Methods. The framework only chooses actions that match the HTTP method of the request, determined as follows:
You can specify the HTTP method with an attribute: AcceptVerbs, HttpDelete, HttpGet, HttpHead, HttpOptions, HttpPatch, HttpPost, or HttpPut.
Otherwise, if the name of the action (controller method) starts with "Get", "Post", "Put", "Delete", "Head", "Options", or "Patch", then by convention the action supports that HTTP method.
If none of the above, the method supports POST.
http://www.asp.net/web-api/overview/web-api-routing-and-actions/routing-and-action-selection
File this under learning something new every day!
Typically method name matching is thought of this way. Looking at the WebAPI source, however, there is a branch of logic for fallback. If the method name doesn't map (through attribute, or convention) to a supported HTTP verb, then the default is POST.
By default action selection happens through ReflectedHttpActionDescriptor
class. The important method here is GetSupportedHttpMethods()
. In relevant part the code reads:
if (supportedHttpMethods.Count == 0)
{
// Use POST as the default HttpMethod
supportedHttpMethods.Add(HttpMethod.Post);
}
You can see the full source here (around the middle of the file).