locked
Secure Web API with No Authentication project type RRS feed

  • Question

  • User-590375999 posted

    Hi,

    i created a web api with no authentication, how can i secure my web api, now every one can access my web api, i need to allow access from certain clients.

    Thursday, March 8, 2018 2:59 AM

All replies

  • User61956409 posted

    Hi sivapooja,

    no authentication, how can i secure my web api, now every one can access my web api, i need to allow access from certain clients.

    If your client app make requests to your webapi from WebClient via AJAX, you can specify which origins are allowed to access the resource.

    Besides, you can do some configurations to restrict requests from specific IP addresses.

    With Regards,

    Fei Han

    Friday, March 9, 2018 5:29 AM
  • User-590375999 posted

    Hi Fei Han,

    Besides, you can do some configurations to restrict requests from specific IP addresses

    I don't want to allow all request from specific ip address, i need to restrict certain calls even it is from same ip address?

    Friday, March 9, 2018 6:21 AM
  • User61956409 posted

    Hi sivapooja,

    need to restrict certain calls even it is from same ip address

    It seems that you want to restrict user to access specific action methods, not blocking all requests/calls. If that is case, implementing authentication and authorization for your Web API would be easy to help you achieve the requirement.

    With Regards,

    Fei Han

    Wednesday, March 14, 2018 6:29 AM
  • User-474980206 posted

    then you need to pick an authorization framework. 

       https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/

    Wednesday, March 14, 2018 3:25 PM
  • User-590375999 posted
    I am not using asp.net identity, I am using custom database and tables for users and login , so how can I use the asp.net identity to use authentication and authorization
    Thursday, March 15, 2018 2:47 AM
  • User-474980206 posted

    then you want to implement an authentication filter:

       https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/authentication-filters

    you probably want to use a JWT token. google for several examples.

     

    Friday, March 16, 2018 3:07 PM